Certification signatures on subkeys

David Shaw dshaw at jabberwocky.com
Wed Jan 30 19:46:10 CET 2008

On Wed, Jan 30, 2008 at 10:44:26AM -0500, Mihai Ibanescu wrote:
> Hi,
> I noticed something strange on a key I imported:
> http://pool.sks-keyservers.net:11371/pks/lookup?search=0x10FA4CD1&op=vindex
> As you can see, the subkey has certification (type 0x10-0x13) signatures on
> its subkey.
> At least the way I read RFC4880, the only types of signatures that should be
> present on a subkey are key binding or revocation signatures.

That is correct.

The key is a little bit mangled.  GPG ignores 0x10-0x13 signatures on
subkeys, as they are not allowed there.


More information about the Gnupg-devel mailing list