subkey binding signature with no usage flags and/or a critical notation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 14 17:05:36 CET 2013
On 03/13/2013 06:27 PM, David Shaw wrote:
> Yes. Having no flags set at all is treated as if there is no subpacket present. This may not be the best behavior.
yeah, i think this needs fixing.
>> I think GnuPG's handling of (at least) the third subkey is buggy, and
>> potentially dangerously so -- for example, if the "certify" bit is
>> present and set to 0, GnuPG should not accept a certification made from
>> the given subkey.
> It doesn't. Try it. The certify bit on subkeys is a slightly weird case. Briefly, all primary keys MUST be able to certify, but subkeys are not required to. In practice, GPG simply doesn't allow *any* subkey to certify. Even if you hacked the code to force creation of such a certification, GPG does not include it in the web of trust.
OK, i'm glad to hear that certification isn't treated this way (though
it's a bit weird for gpg to show the "C" usage flag if it doesn't
consider it acceptable).
However (certification aside), the other capabilities are just as
relevant. it's not appropriate for a subkey marked clearly as "not for
signing" to be treated as acceptable for signing documents, and it would
be a mistake for a subkey to be considered acceptable for encryption if
the keyholder had explicitly marked it as "not for use with encryption".
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1027 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel