Re: Signature calculation language
hal@finney.org ("Hal Finney") Tue, 11 October 2005 22:32 UTC
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EPSfR-0002G9-FJ for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 18:32:17 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07713 for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 18:32:13 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMO0qO041177; Tue, 11 Oct 2005 15:24:00 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9BMO00W041176; Tue, 11 Oct 2005 15:24:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMNsff041166 for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 15:23:59 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 0352B57EF9; Tue, 11 Oct 2005 15:25:00 -0700 (PDT)
To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-Id: <20051011222500.0352B57EF9@finney.org>
Date: Tue, 11 Oct 2005 15:25:00 -0700
From: hal@finney.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
David Shaw writes: > Wondering - should the embedded 0x19 signature be a MUST? Lacking a > 0x19 allows the signing subkey to be "stolen" onto another primary > key. To remind readers, the 0x19 signature is issued by signing subkeys on top-level keys, so that we have two-way binding. The top key signs the subkey and the subkey signs the top key, so each key agrees that they belong together in a pair. The problem is that if it is not a MUST, someone who does create such a 0x19 back signature to bind his subkey is still at risk of it being stolen. The thief would bring just the subkey over and put a new signature on it by his top key, and there would be no sign of the 0x19 signature the victim had created to try to stop this theft. There would be no 0x19 signature on the new key, but if it is not a MUST then we might have to assume that this was just a choice by the key holder not to create one. So it does seem like it must be a MUST in order to be an effective deterrent. One possible problem is if there is any substantial set of signing subkeys in use that don't have the 0x19 signature. Signatures issued by those keys might become invalid. I don't think we have any from pgp.com, we did not previously support signing subkeys. Hal Finney
- Signature calculation language "Hal Finney"
- Re: Signature calculation language Daniel A. Nagy
- Re: Signature calculation language Jon Callas
- Re: Signature calculation language David Shaw
- Re: Signature calculation language "Hal Finney"
- Re: Signature calculation language Daniel A. Nagy
- Re: Signature calculation language David Shaw
- Re: Signature calculation language Werner Koch
- Re: Signature calculation language Jon Callas
- Re: Signature calculation language Jon Callas