offline primary keys
mailinglisten at hauke-laging.de
Wed Sep 24 18:05:08 CEST 2014
Am Mi 24.09.2014, 11:39:33 schrieb David Shaw:
> If the primary key can't sign, they can't respond to this challenge.
> A signing subkey isn't sufficient here, as it can be attached to any
> number of keys, so a signature from it does not prove access to the
> primary key. Backsigs don't help this problem since backsigs only
> protect against a "stolen" subkey - not against one that is
> intentionally attached to multiple primary keys.
So what difference is this going to make in real life?
Somebody proves his identity with an official ID, claims towards
witnesses that he owns the key with the respective fingerprint, controls
the signing subkey (or not: If you can get a subkey signature from the
mainkey why not a data signature?) and has a certification signature for
And then what? A document appears and the key holder is held responsible
for it. And then he just says "I don't own this key. I never did. I have
no idea why you believe this was mine" or what?
Even your approach is not safe in an automated procedure. You might send
the challenge to the wrong person who quotes the text and asks "Why have
you sent this so me?". And this email is signed because every mail of
this person is signed (not difficult to find such people, and they are
not to be blamed for this). The stupid automated tool sees a message
with the challenge, signed by the right key...
This is the usual problem that you don't know what signatures are
supposed to mean. The solution would be a signature notation meaning
"This signature is part of a certification check for key
>  See, for example, https://dougbarton.us/PGP/PGP-Keysigning.pdf
Interesting. What is
"UID collisions are possible, especially in RSA"
supposed to tell me?
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-devel