[Top] [All Lists]

[openpgp] OpenPGP certificate structure: multiple binding signatures on subkeys? (MR 43)

2021-05-21 12:25:17
Hi OpenPGP folks--

in and vanitasvitae
suggests that the structure for OpenPGP certificates (aka "Transferable
Public Keys", aka "keyblocks") is wrong.  He recommends this change:

--- a/
+++ b/
@@ -2914,8 +2914,8 @@ The format of an OpenPGP V4 key that uses multiple public 
keys is similar except
         User ID [Signature ...]
        [User ID [Signature ...] ...]
        [User Attribute [Signature ...] ...]
-       [[Subkey [Binding-Signature-Revocation]
-               Primary-Key-Binding-Signature] ...]
+       [[Subkey [Binding-Signature-Revocation ...]
+               Subkey-Binding-Signature ...] ...]
 A subkey always has a single signature after it that is issued using the 
primary key to tie the two keys together.
 This binding signature may be in either V3 or V4 format, but SHOULD be V4.

There are two things happening here:

 - the binding signature is correctly identified as a
   Subkey-Binding-Signature, not a Primary-Key-Binding-Signature. (the
   primary-key-binding signature (the "cross-sig") is, where
   appropriate, expected to be embedded in the subkey-binding-signature

 - there can be more than one binding sig revocation, and more than one
   subkey binding signature

This matches my understanding of how OpenPGP certificates are
structured, and I believe most implementations work this way.

I've opened
to request a test for this, but it may not be necessary if the WG has
consensus that this is correct.

I note that if the change in the structure is correct, then the text
below it should also be changed (it should not say "has a single
signature after it…")


Attachment: signature.asc
Description: PGP signature

openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>