[Sks-devel] dealing with misplaced signatures

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Aug 1 01:16:18 CEST 2012


On 2012-08-01 00:53, Daniel Kahn Gillmor wrote:
> On 07/31/2012 06:04 PM, Kristian Fiskerstrand wrote:

...

> 
> If anything, the current sks implementation is violating RFC 4880, which
> clearly states that transferable public key certificates contain:
> 
>      - After each Subkey packet, one Signature packet, plus optionally a
>        revocation
> 

Hi Daniel,

What complicate it a bit is that an argument can be made that this, from
11.1 [0], "The essential elements of a transferable public key are as
follows:" is a non-exhaustive list, i.e. it is more of a minimum
requirement than a full spec (by the use of the word "essential").

[0] http://www.ietf.org/rfc/rfc4880.txt

-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120801/f2d35194/attachment-0001.pgp>


More information about the Gnupg-devel mailing list