Hey!
RFC 4880 states that subkeys need to have a signature by the "top
level" certification key
(https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.1, subkey
binding signature):
"This signature is a statement by the top-level signing key that
indicates that it owns the subkey."
Now I would like to know, whether this rules out the possibility that a
subkey itself may have a subkey. Allowing for such constructions would
be interesting for per-device keys in multi-device settings:
An Account Key Alpha owns two Device subkeys A and B, which in turn own
encryption and signing subkeys aE, aS and bE, bS.
Revocation and Expiration could work as usual (revocations/expirations
on higher level keys affect lower-level keys, not the other way round).
I see no obvious issues which might prevent this, apart from the
ambiguous definition quoted above.
Has anyone already experimented with such constructions? If so, did you
encounter any issues which would need to be taken into consideration?
Paul
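The hierarchy described in the mail above, as an added toy model that is not part of the original message and not an OpenPGP implementation: key names (Alpha, A, B, aE, aS, bE, bS), the integer "times", the `binder` field standing in for a real subkey binding signature, and the `nested`/flat switch are all constructed for illustration. It shows the validity walk the mail implies (a subkey is valid only if its direct parent bound it and every ancestor is still valid, so revocation and expiration flow down but never up), and for contrast the flat RFC 4880 reading in which every subkey must be bound by the top-level key, under which the depth-2 keys never verify.

```python
from dataclasses import dataclass, field
from typing import Optional

# Toy model of the proposed two-level subkey hierarchy (added illustration,
# not an OpenPGP implementation). Times are plain integers and a "binding"
# only records which key issued the subkey binding signature; there are no
# real signature bytes or packet structures here.


@dataclass
class Key:
    name: str
    parent: Optional["Key"] = None      # None marks the top-level (Account) key
    binder: Optional["Key"] = None      # issuer of this key's binding signature
    expires_at: Optional[int] = None    # key is invalid at times >= expires_at
    revoked_at: Optional[int] = None    # key is invalid at times >= revoked_at
    subkeys: list = field(default_factory=list)

    def add_subkey(self, name, expires_at=None, binder=None):
        """Attach a subkey; by default the parent itself issues the binding."""
        sub = Key(name, parent=self, binder=binder or self, expires_at=expires_at)
        self.subkeys.append(sub)
        return sub

    def top_level(self):
        """Walk up to the Account key at the root of the hierarchy."""
        k = self
        while k.parent is not None:
            k = k.parent
        return k


def self_valid(key, now):
    """Validity of one key in isolation: neither revoked nor expired at `now`."""
    if key.revoked_at is not None and now >= key.revoked_at:
        return False
    if key.expires_at is not None and now >= key.expires_at:
        return False
    return True


def is_valid(key, now, nested=True):
    """
    nested=True : the proposal in the mail. A subkey is valid only if its
                  binding was issued by its direct parent and every ancestor
                  up to the Account key is itself valid, so revocation and
                  expiration propagate downwards only.
    nested=False: the flat RFC 4880 reading. Every subkey must be bound
                  directly by the top-level key, so depth-2 keys never verify.
    """
    root = key.top_level()
    k = key
    while k is not None:
        if not self_valid(k, now):
            return False
        if k.parent is not None:
            required_binder = k.parent if nested else root
            if k.binder is not required_binder:
                return False
        k = k.parent
    return True


def build_example():
    """The hierarchy from the mail: Alpha -> {A, B}, A -> {aE, aS}, B -> {bE, bS}."""
    alpha = Key("Alpha")
    a = alpha.add_subkey("A")
    b = alpha.add_subkey("B")
    keys = {"Alpha": alpha, "A": a, "B": b}
    for dev, device_key in (("a", a), ("b", b)):
        keys[dev + "E"] = device_key.add_subkey(dev + "E")  # encryption subkey
        keys[dev + "S"] = device_key.add_subkey(dev + "S")  # signing subkey
    return keys


def validity_table(keys, now, nested=True):
    """Validity of every key in the hierarchy at time `now`."""
    return {name: is_valid(k, now, nested) for name, k in keys.items()}


def demo():
    """Constructed scenario: device A is revoked at t=10, bE expires at t=20."""
    keys = build_example()
    keys["A"].revoked_at = 10
    keys["bE"].expires_at = 20
    return {
        "t=5": validity_table(keys, 5),
        "t=15": validity_table(keys, 15),          # A, aE, aS gone; B side intact
        "t=25": validity_table(keys, 25),          # bE expired, bS and B unaffected
        "flat": validity_table(keys, 5, nested=False),  # depth-2 keys never verify
    }


if __name__ == "__main__":
    for label, table in demo().items():
        print(label, table)
```

Revoking a leaf (say aE) leaves its device key A valid, which is the "not the other way round" property from the mail; the `flat` row is the point of the RFC 4880 quote, since under a literal reading only Alpha may issue binding signatures and aE..bS cannot be validated at all.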
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp