On 06/13/2011 01:05 PM, Jerome Baum wrote: > Of course, you could solve this problem by signing with a sub-key, > which isn't meant to certify other keys. I do wonder how e.g. PGP > would react on seeing a key certification from a sub-key.
it should depend on whether the key usage flags for the subkey (in the
subkey binding signature) include the "Certification" capability.
OpenPGP certifications issued by subkeys without the "Certification"
capability should be no more valid than any other random string of bits.
Regards.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
