subkey binding signature with no usage flags and/or a critical notation

Nicholas Cole nicholas.cole at gmail.com
Thu Mar 14 15:34:46 CET 2013


I'm a little worried by this thread and a similar thread.  If I understand
correctly, the key usage flags are there in large part to ensure the
integrity of the underlying cryptography by ensuring that a key meant for
signing is not used for encryption and vice-versa, and thereby to close
some potential weaknesses.  I can see that the "Certification" flag muddles
things a little, but I think the principle is still there that the flags
designate fairly fundamental operations.

Hints as to what a key should be used for are typically part of the User-id
packets.  And perhaps there is no harm in having a subkey marked with a
critical notation hinting at an application-specific use.  And if it
really is "critical" that this be observed, then of course applications
that do not understand that notation should not use the key.

All the same, wanting to use one subkey for one application (email) and
another for another service seems to me to be attempting to push the
key-subkey framework beyond its design limitations.  I *certainly* think
you shouldn't be generating keys that have no usage flags.  That looks to
me as if it is certain to (at best) introduce interoperability issues and
(at worst) introduce the potential for some security-undermining errors.

But I'm not a cryptographer, so perhaps I've misunderstood.

At any rate, I've always thought that people would be best off generating a
new key for each individual use (the classic case being home vs work)
rather than attempting to do complicated operations involving subkeys and
the like.

But perhaps I've just misunderstood the intention.

Best wishes,

N.
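
The two checks this message discusses (usage flags on a subkey binding signature, and a critical notation the consumer does not understand), as an added example that is not part of the original post and is not GnuPG's code. It parses a signature subpacket area in the RFC 4880 layout; the refuse-when-no-flags policy, the helper names and the notation name `app@example.org` are assumptions of this example.

```python
import struct

KEY_FLAGS, NOTATION = 27, 20   # signature subpacket types (RFC 4880, 5.2.3.1)
USAGE_BITS = {"certify": 0x01, "sign": 0x02, "encrypt": 0x04 | 0x08, "authenticate": 0x20}

def subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF, then four-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def may_use(area, purpose, known_notations=()):
    """Return (ok, reason). Only key flags and notations are examined here;
    other subpacket types are skipped."""
    flags = None
    for typ, critical, body in subpackets(area):
        if typ == KEY_FLAGS:
            flags = body[0] if body else 0
        elif typ == NOTATION and critical:
            if len(body) < 8:
                raise ValueError("malformed notation")
            name_len = struct.unpack(">H", body[4:6])[0]
            name = body[8:8 + name_len].decode("utf-8", "replace")
            if name not in known_notations:
                return False, "unknown critical notation: " + name
    if not flags:   # absent or all-zero: refuse (this example's policy)
        return False, "no usage flags"
    if not flags & USAGE_BITS[purpose]:
        return False, "flags do not permit " + purpose
    return True, "ok"

def sp(typ, body, critical=False):
    """Build one short subpacket for the constructed samples below."""
    return bytes([len(body) + 1, typ | (0x80 if critical else 0)]) + body

# Constructed sample data; the notation name is hypothetical.
NAME = b"app@example.org"
NOTE = b"\x80\x00\x00\x00" + struct.pack(">HH", len(NAME), 1) + NAME + b"1"
SIGN_ONLY = sp(KEY_FLAGS, b"\x02")
NOTATION_ONLY = sp(NOTATION, NOTE, critical=True)
```
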