most convenient key type?

David Shaw dshaw@jabberwocky.com
Thu Aug 22 00:49:02 2002


On Thu, Aug 22, 2002 at 12:17:18AM +0200, Janusz A. Urbanowicz wrote:
> David Shaw napisał[a]/wrote/schrieb:
> > There are still the two catches I mentioned before - most keyservers
> > don't like this key and until the keyserver bugs are fixed, I can't
> > upload the whole key (I have to leave off one of the subkeys to avoid
> > the key corruption bug), and that PGP won't verify a signature made by
> > the signing subkey.  GnuPG and PGP-ckt will.
> 
> It is always possible to use primary key for signing if necessary. And I am
> not afraid of the keyserver problems because I couldn't upload my
> current (previous) key anyway - it had subkeys and other stuff keyservers
> don't like.
> 
> BTW: is it legal/a good thing to put the URI of the signing key in the signature
> notation? What are notations for anyway?

Legal if you do it right.  Notations are for future expansion of
signatures.  Currently, the only officially defined notation names are
the "user defined" ones.  Basically, you can use any name you like so
long as there is a "@" sign in it.  The idea here is that you create a
name like "my_notation_type@mydomain.com" and you can put whatever you
like in the value.  There are a few (officially undefined, and
therefore not "legal") other tags in use at the moment, most notably
"COMMENT".

However, if the intent here is to show users where to get your key,
there is a better way in the "preferred key server" subpacket.  This
is a URL (so it can be a file) of where to get your key, and it can be
in any signature.  GnuPG does not currently support this, but it's
pretty easy to add (just reuse all of the existing policy URL code).

One somewhat roundabout way to do it is to use a signature policy URL.
For example, take a look at Douglas Calvert's key 0x13300731.  When I
signed it, I included a policy URL that directs people to
  http://notary.jabberwocky.com/keysign/0805753113300731
I could pretty easily add a link to that page saying something like
"...and to download my key, click here".

The preferred key server subpacket is probably the best way to go.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
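
The three signature subpackets discussed in the message above (notation data, policy URL, preferred key server), read out of a signature's subpacket area. This is an added example, not part of the original message and not GnuPG code. Assumptions: subpacket type numbers and layout follow the OpenPGP specification (RFC 4880, section 5.2.3), the helper names are hypothetical, and the sample bytes, including the example.org key URL, are constructed.

```python
import struct

# Subpacket type numbers from the OpenPGP specification (RFC 4880, 5.2.3.1).
NOTATION, PREF_KEYSERVER, POLICY_URI = 20, 24, 26

def _sub(ptype, body):
    """Build one subpacket (constructed sample data; one-octet length only)."""
    assert len(body) + 1 < 192
    return bytes([len(body) + 1, ptype]) + body

def _notation(name, value):
    # 4 flag octets (0x80 = human-readable), name length, value length, data
    return struct.pack(">4sHH", b"\x80\x00\x00\x00", len(name), len(value)) + name + value

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def summarize(area):
    out = {"notations": [], "policy_url": None, "preferred_keyserver": None}
    for ptype, _critical, body in parse_subpackets(area):
        if ptype == NOTATION:
            nlen, vlen = struct.unpack(">HH", body[4:8])
            name = body[8:8 + nlen].decode("utf-8", "replace")
            value = body[8 + nlen:8 + nlen + vlen].decode("utf-8", "replace")
            # Third field: is the name in the user namespace (contains "@")?
            out["notations"].append((name, value, "@" in name))
        elif ptype == POLICY_URI:
            out["policy_url"] = body.decode("utf-8", "replace")
        elif ptype == PREF_KEYSERVER:
            out["preferred_keyserver"] = body.decode("utf-8", "replace")
    return out

# Constructed subpacket area: two notations, a policy URL, a preferred key server.
SAMPLE = (_sub(NOTATION, _notation(b"my_notation_type@mydomain.com", b"anything"))
          + _sub(NOTATION, _notation(b"COMMENT", b"no @ in the name"))
          + _sub(POLICY_URI, b"http://notary.jabberwocky.com/keysign/0805753113300731")
          + _sub(PREF_KEYSERVER, b"http://example.org/mykey.asc"))
```

`summarize(SAMPLE)` flags the "COMMENT" notation as outside the user namespace and returns the two URLs separately, which is the distinction the message draws between a policy URL and a key location.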