According to RFC 4880 "For subkeys that can issue signatures, the subkey binding signature MUST contain an Embedded Signature subpacket with a primary key binding signature (0x19) issued by the subkey on the top-level key."
The sub key of the following key (key ID 0549B8A5640444E6) is valid for signing (RSA Encrypt or Sign) but it does not contain a primary key binding signature: http://pgp.mit.edu/pks/lookup?search=0x0549B8A5640444E6&op=index Enigmail tells me that the sub key is valid for signing. It might be that I misunderstand the requirement but it seems that in this case the key should not be used for signing since it lacks the primary key binding signature. I know that this requirement is relatively recent so it might be that for this key the current behaviour is for backward compatibility reasons. Is there some documentation on how GPG handles signing sub keys without a valid primary key binding signature? Kind regards, Martijn Brinkers _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users