limiting scope of signing subkeys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jun 7 16:13:51 CEST 2017
On Tue 2017-06-06 21:23:04 +0200, Guilhem Moulin wrote:
> I recall you and I discussed that on #debian-keyring a while ago
> (probably around the time I sent that mail to gnupg-devel) :-P Adding
> another capability sounds neat, but IMHO that won't scale if other folks
> want to limit the scope of their signing subkeys to other domains /
> types of data.

How about a non-critical notation "signing-scope" to the subkey binding
signature (or to the self-sig, if the primary key is marked as
signing-capable) which is a comma-separated list of domains? we could
enumerate a few different domains and people could add them as they
wanted:

 * email
 * software

then you'd add a new parameter to GnuPG's --verify-options
"signing-scope=foo", and it would accept signatures only from:

 * signing-capable (sub)keys without the signing-scope notation
 * signing-capable (sub)keys with the signing-scope notation with "foo"
   in the list.

and signatures from any other key would be rejected.

Then people who want to constrain their keys can just issue new
subkey-binding signatures as needed.

wdyt?

--dkg
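
The acceptance rule proposed in the message above, modeled as an added example (not part of the original post and not GnuPG code). The `signing-scope` verify option exists only as this proposal; the key model, the merging of several notations, whitespace trimming, and the behaviour when the option is unset are assumptions.

```python
from dataclasses import dataclass, field

NOTATION = "signing-scope"  # notation name proposed in the message above


@dataclass
class SigningKey:
    """Constructed model of a (sub)key as seen by a verifier."""
    keyid: str
    can_sign: bool
    # (name, value) notations from the subkey binding signature, or from
    # the self-sig when the primary key itself is signing-capable.
    notations: list = field(default_factory=list)


def declared_scopes(key):
    """Return the set of scoped domains, or None if the key is unscoped."""
    values = [v for n, v in key.notations if n == NOTATION]
    if not values:
        return None
    # Assumption: several notations are merged and whitespace is ignored.
    return {d.strip() for v in values for d in v.split(",") if d.strip()}


def accept_signature(key, wanted=None):
    """Decide whether a signature by `key` passes signing-scope=`wanted`."""
    if not key.can_sign:
        return False
    if wanted is None:          # assumption: option unset, nothing changes
        return True
    scopes = declared_scopes(key)
    if scopes is None:          # signing-capable key without the notation
        return True
    return wanted in scopes     # notation present: "foo" must be listed


# Constructed sample keys (key IDs are placeholders, not real keys).
KEYS = [
    SigningKey("UNSCOPED", True),
    SigningKey("MAILONLY", True, [(NOTATION, "email")]),
    SigningKey("BOTH", True, [(NOTATION, "email, software")]),
    SigningKey("EMPTY", True, [(NOTATION, "")]),
    SigningKey("ENCRYPT", False, [(NOTATION, "software")]),
]

if __name__ == "__main__":
    for k in KEYS:
        print(k.keyid, accept_signature(k, "software"))
```

In this model a key whose notation is present but empty is rejected for every requested scope, while the same key still verifies when no scope is requested, which is what a non-critical notation implies for verifiers that do not know it.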