Hi.
Took a while but now I've time to answer.
David Shaw wrote:
Ah,... I see,.. but is this problem only limited to signing subkeys? It
should be, right? Because the primary is protected by the selfsigned
user id? Or is there another reason? (just want to check if I'm slowly
understand how all these things work :-D )
Not exactly. The problem is limited to signing subkeys because
identity is attached to the primary key. When you make a signature
with your primary key, you're saying "key XXXX made this signature,
and key XXXX is owned by Joe Smith".
How is a signature bound to the key that made the signature? Just by the
encrypted hash (by encrypting with the private key of the signer) or
does it contain information like fingerprint (of the signing key) or
which UID was used, too?
I thougt it is like the following:
"key XXXX made this signature"
than I look at my pubring and see:
"i have a key XXXX" and "an UID YYYY is attached to it"
Or not?
When you make a signature with a
signing subkey, you're saying "key XXXX made this signature, and key
XXXX is owned by key YYYY and key YYYY is owned by Joe Smith".
Same as above, I thought it would work the following:
"(sub)key WWWW made this signature"
than I look at my pubring and see:
"i have a subkey WWWW" and "an subkey is is bound by 0x18 to primary key
XXXX"
than I look at my pubring and see:
"i have a key XXXX" and "an UID YYYY is attached to it"
Or not?
The problem is that only key YYYY (the primary) asserts ownership of
key XXXX (the signing subkey), which means that ZZZZ (someone elses
primary) can come along and also assert ownership of XXXX. The fix
("back signatures") is to have XXXX assert posession by YYYY. This
foils ZZZZ since she cannot issue a signature from XXXX.
Yes,.. that was clear,.. btw: is there a special tag for backsignatures
used?
Is it correct that the primary has not directly a single self sig
packet, but rather 0x13s are used therefor? If so,.. what is 0x1F
(signature direct on key) used for? I thought this is used for primary
selfsigs.
No, 0x13 (or 0x10, 0x11, 0x12) are used to sign a user ID and primary
key together. Historically, people call this "signing a key", but
it's really signing a user ID + key.
Ok,.. in principle it was clear,.. I just thought, that 0x10-13 are used
only for signing other user's keys.
0x1F signatures are truly signing a key alone.
Can you give me an example where someone would do this? I mean what this
is useful for?
Yes, indeed.
I suggest that gpg should behave the following:
- suggest adding backsigs if it finds a private/public keypair without
backsigs (most users won't notice the backsin command)
- of course warn a user if it finds signed data by a signing subkey
which don't have backsigs. I'd even go so far to say that gpg should
tell that the sig is invalid at all.
Take care,
Chris.
begin:vcard
fn:Mitterer, Christoph Anton
n:Mitterer;Christoph Anton
org:Munich University of Applied Sciences;Department of Mathematics and Computer Science
adr;quoted-printable;quoted-printable:;;Lothstra=C3=9Fe 34;M=C3=BCnchen;Freistaat Bayern;80335;Federal Republic of Germany
email;internet:[EMAIL PROTECTED]
tel;home:+49 89 24409568
tel;cell:+49 172 8617341
x-mozilla-html:TRUE
url:http://fhm.edu/
version:2.1
end:vcard
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
