Robot CA at

David Shaw
Tue Dec 10 18:59:01 2002

On Tue, Dec 10, 2002 at 11:50:08AM -0600, Richard Laager wrote:

> Can signing subkeys be used to make signatures on other keys? I
> believe the answer is no, from this post:
> If signing subkeys could be used for key signatures, the robot would
> only need the secret portion of a subkey. If that machine was
> compromised, that subkey could be revoked, and another subkey could
> be used. Also, this would allow for the signing subkey to expire
> without having to expire the main robot key. This provides the
> advantage that those trusting the robot key don't need to worry about
> finding and trusting a new robot key.
> Adding this capability would surely break compatibility with other
> OpenPGP applications, right? I'm not suggesting this should be
> implemented, I'm just thinking out loud.

Yes, this would be nice for this purpose, but as you say, it would
break compatibility with other OpenPGP applications.  Nothing in the
standard says you can't have a key signing subkey, but at the same
time nothing in the standard says you have to.  In practice, no
program does.

You can implement almost the same thing by having the robot operator
make a master robot key, which is kept secure, and then signing the
robot key with the master robot key.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson