subkey binding signature with no usage flags and/or a critical notation

Daniel Kahn Gillmor dkg at
Fri Mar 15 21:34:51 CET 2013

On 03/15/2013 03:13 PM, Werner Koch wrote:

>> sub:u:512:17:24940DE048B80074:1362695370:1365287370:::::sca:
>> sub:u:768:17:867E55E65BA8B581:1363119647:1363724447::::::
> What do you think:  Should be use '-' to indicate indicate that all-zero
> key flags case?  Without that we won't be able to see unknown key flags.

i think the empty string is a clear and unambiguous description of "no
key flags set".  I don't see a need to special-case a "-", but i'd be
willing to entertain the idea if you have a use for it.  I'd just leave
it as is, if it were up to me.

> Set margins to 80 and check again ;-)  The line was a little bit too
> long, thus I fixed that en passant.

if you say so :)

>> Do you think it's worth applying the small changeset i suggested earlier
>> that allows creation of all-zero usage flag subpacket as well, or is
>> that something that we should treat separately?
> Please wait two week so you don't need to exchenge legal papers with the
> FSF.  And please only for master.

My patch was just removing 3 lines ( ~ 30 bytes ) from
do_add_key_flags() in g10/keygen.c -- i don't see any sort of copyright
pertaining at all, but i'm fine waiting if you want me to wait.

Out of curiosity: why only apply this to master?  is the goal to ensure
that there is a chance for the handlers to propagate widely before any
tool makes it easy to build?

I'm assuming you are OK applying the subkey flag usage fix (your patch)
to all maintained branches; it's just the patch that allows one to
generate these keys that would be master-only, right?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130315/84daf279/attachment.sig>

More information about the Gnupg-devel mailing list