offline primary keys [was: Re: Why 2.1 is delayed for so long]

Robert J. Hansen rjh at
Wed Sep 24 20:45:09 CEST 2014

> When you certify a subkey, you mean "I and only I have access to the 
> private component".

Not necessarily.  You're introducing policy.

> But yes, if OpenPGP does not formalise a meaning for certifications, 
> that is a design flaw, not a problem with my proposal per se.

Be careful: you might be wandering into a thicket here.

Some years ago David and I had a vehement argument over on PGP-Basics
over whether signatures were interchangeable.  The argument fizzled out
when we realized we were talking past each other: he was saying
(correctly) that *syntactically* signatures across different levels were
different and easy to distinguish, and I was saying (correctly) that
*semantically* OpenPGP ascribes little difference between signature
levels and thus in the absence of specific policy guidelines signatures
across different levels are interchangeable.  (A persona-level signature
is the same as a fully-vetted signature as far as what semantic meaning
OpenPGP ascribes to it goes.)

The moral of this story: Syntax and semantics are different.  OpenPGP
cares a lot about the former and almost nothing for the latter.

When you talk about "formalize a meaning", that sounds a lot to me like
semantics -- and the OpenPGP committee made a deliberate choice to avoid
semantics as far as possible.  The choice of what semantics should be
associated with what syntax in what contexts ... that's policy.

More information about the Gnupg-devel mailing list