offline primary keys

Hauke Laging mailinglisten at
Wed Sep 24 18:05:08 CEST 2014

Am Mi 24.09.2014, 11:39:33 schrieb David Shaw:

> If the primary key can't sign, they can't respond to this challenge. 
> A signing subkey isn't sufficient here, as it can be attached to any
> number of keys, so a signature from it does not prove access to the
> primary key.  Backsigs don't help this problem since backsigs only
> protect against a "stolen" subkey - not against one that is
> intentionally attached to multiple primary keys.

So what difference is this going to make in real life?

Somebody proves his identity with an official ID, claims towards 
witnesses that he owns the key with the respective fingerprint, controls 
the signing subkey (or not: If you can get a subkey signature from the 
mainkey why not a data signature?) and has a certification signature for 
this subkey.

And then what? A document appears and the key holder is held responsible 
for it. And then he just says "I don't own this key. I never did. I have 
no idea why you believe this was mine" or what?

Even your approach is not safe in an automated procedure. You might send 
the challenge to the wrong person who quotes the text and asks "Why have 
you sent this so me?". And this email is signed because every mail of 
this person is signed (not difficult to find such people, and they are 
not to be blamed for this). The stupid automated tool sees a message 
with the challenge, signed by the right key...

This is the usual problem that you don't know what signatures are 
supposed to mean. The solution would be a signature notation meaning 
"This signature is part of a certification check for key 

> [1] See, for example,

Interesting. What is

"UID collisions are possible, especially in RSA"

supposed to tell me?

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140924/39abe8aa/attachment.sig>

More information about the Gnupg-devel mailing list