subkey binding signature with no usage flags and/or a critical notation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 14 17:05:36 CET 2013
On 03/13/2013 06:27 PM, David Shaw wrote:
> Yes. Having no flags set at all is treated as if there is no subpacket present. This may not be the best behavior.
yeah, i think this needs fixing.
>> I think GnuPG's handling of (at least) the third subkey is buggy, and
>> potentially dangerously so -- for example, if the "certify" bit is
>> present and set to 0, GnuPG should not accept a certification made from
>> the given subkey.
>
> It doesn't. Try it. The certify bit on subkeys is a slightly weird case. Briefly, all primary keys MUST be able to certify, but subkeys are not required to. In practice, GPG simply doesn't allow *any* subkey to certify. Even if you hacked the code to force creation of such a certification, GPG does not include it in the web of trust.
OK, i'm glad to hear that certification isn't treated this way (though
it's a bit weird for gpg to show the "C" usage flag if it doesn't
consider it acceptable).
However (certification aside), the other capabilities are just as
relevant. it's not appropriate for a subkey marked clearly as "not for
signing" to be treated as acceptable for signing documents, and it would
be a mistake for a subkey to be considered acceptable for encryption if
the keyholder had explicitly marked it as "not for use with encryption".
--dkg
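
The distinction at issue in this message, shown as an added example (not part of the original post and not GnuPG code): a Key Flags subpacket that is present with no bits set is different from a signature with no Key Flags subpacket at all. The subpacket layout and flag values follow RFC 4880; the `usages` policy function, the `empty_means_absent` switch, the algorithm capability set and the sample byte strings are constructed for illustration.

```python
# Added illustration; not GnuPG code. Subpacket framing per RFC 4880, section 5.2.3.1.
KEY_FLAGS = 27  # subpacket type "Key Flags" (RFC 4880, section 5.2.3.21)
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt",
              0x08: "encrypt", 0x20: "authenticate"}

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            low = int.from_bytes(area[i + 1:i + 2], "big")
            length, i = ((first - 192) << 8) + low + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        # The length counts the type octet, so it is at least 1.
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def find_key_flags(hashed_area: bytes):
    """None if there is no Key Flags subpacket, else its flag bits (may be 0)."""
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS:
            return body[0] if body else 0
    return None

def usages(flags, algo_can, empty_means_absent):
    """Usages granted to a subkey (hypothetical policy function).

    algo_can: what the public-key algorithm could do on its own (fallback).
    empty_means_absent=True models the behaviour quoted in the message;
    False honours an explicit "no usage" marking by the keyholder.
    """
    if flags is None or (flags == 0 and empty_means_absent):
        return set(algo_can)
    return {n for bit, n in FLAG_NAMES.items() if flags & bit} & set(algo_can)

# Constructed hashed subpacket areas (not taken from any real key).
ABSENT = bytes([5, 2, 0x51, 0x41, 0xF0, 0x00])       # creation time only
NO_FLAGS_SET = ABSENT + bytes([2, 27, 0x00])         # Key Flags present, all zero
ENCRYPT_ONLY = ABSENT + bytes([2, 27, 0x0C])         # both encryption bits
CRITICAL_SIGN = bytes([2, 27 | 0x80, 0x02])          # critical bit set, sign only
RSA_CAN = {"sign", "encrypt"}                        # assumed algorithm capabilities
```

With `empty_means_absent=True`, the `NO_FLAGS_SET` binding yields the same usages as `ABSENT`; with `False`, it yields none.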