Dear Werner.

On Wed, 2008-04-16 at 09:42 +0200, Werner Koch wrote:
> What I meant are proofs based on the ability to decrypt a message. That
> is not going to work if you do not have an encryption subkey.

Could you please find the time to explain this further? Why would it only work with an encryption subkey (or didn't you want to exclude encryption primary keys - I know they're not supposed to be used for encryption)?

> Regarding signing challenges; they are fine as long as a signing subkey
> is available.

This sounds interesting. What would I know from a signing challenge? What is it exactly? Ask the peer to sign my challenge? And why wouldn't it work with the primary (signing) key?

> Like me, some folks keep their primary key offline and
> may even use a dedicated box for signing keys. The challenges are thus
> somewhat cumbersome.

I do the same.

Just out of curiosity, would you suggest that those certification-only primary keys use just the "C" flag (I forgot the hex code) for the key usage, to explicitly denote "this key is only used for certification"?

I've already thought about this, but you might use such a certification-only primary not only to sign OpenPGP keys, but e.g. to "certify" (in a human readable form) your own X.509 (root) certificate, or perhaps symmetric shared secrets, or OTR keys for the Pidgin IM. If that makes sense, it would depend on whether the RFC means with the C flag a general certification use (not only OpenPGP keys/UIDs) or only certification of OpenPGP keys/UIDs. In the latter case one should probably stick with "CS".

What do you think?

Greetings,
-- 
Dipl.-Inf. (FH) Christoph Anton Mitterer
eMail: [EMAIL PROTECTED] [EMAIL PROTECTED]
Jabber/XMPP: [EMAIL PROTECTED]

Ludwig-Maximilians-Universität München
Lehrstuhl für experimentelle Physik – Elementarteilchenphysik
Sektion Physik
Am Coulombwall 1
85748 Garching bei München
Germany

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users