subkey binding signature with no usage flags

Nicholas Cole nicholas.cole at
Sat Sep 14 19:42:39 CEST 2013

On Sat, Sep 14, 2013 at 5:45 PM, Daniel Kahn Gillmor
<dkg at> wrote:
> On 09/14/2013 12:26 PM, Robert J. Hansen wrote:
>> On 9/14/2013 11:44 AM, Daniel Kahn Gillmor wrote:
>>> This is a security vulnerability because it exposes messages that
>>> should be confidential to decryption by keys that are not intended or
>>> designated for that purpose.
>> You have not discovered a security vulnerability in either GnuPG or SKS.
> The issue under discussion in this thread has nothing to do with SKS.
>>  You have discovered that users who are not as clever as they think can
>> use the --expert flag to do foolish things, and that some of these
>> foolish things have consequences attached.
> This also has nothing to do with gnupg's --expert flag.  Neither stable
> branch of GnuPG can in its current form generate keys with all the usage
> flags set to zero.
> This is about interoperability with other OpenPGP implementations
> (including possible future versions of GnuPG, but that's a separate
> issue) that may include the ability to set an all-zero key flags
> subpacket in their subkey binding signatures.
>> To this, all I can say is I hope the GnuPG developers triage this as
> This bug is already fixed in the master branch.  Are you suggesting that
> the fix should be reverted?

This wasn't a bug, it was a new feature request.  I still don't
understand the wisdom of it. As far as I know there are no other
implementations that do anything like this. As such, there is no
'interoperability' issue, and for that matter I don't know how other
implementations handle keys with no usage flags set.   It all seems a
bit too clever.  If I remember correctly, you want this so that you
can have subkeys reserved for specific protocols.  I've never quite
understood what the benefit of this is.  Moreover, I never understood
why it couldn't have been achieved with a critically flagged notation,
without needing to change anything about the key usage flags.

I really don't mean to sound unduly negative - but key management is
already very complicated in gpg.  I'm all for adding things with a
genuine utility, but not really for adding things that add complexity
without really adding security.

But, as you say, it's in the Master now.


More information about the Gnupg-devel mailing list