implications of subkeys?

Frank Tobin ftobin@neverending.org
Wed Feb 27 04:05:02 2002


Nick Andriash, at 18:26 -0800 on 2002-02-26, wrote:

> > AFAK subkeys are not signed, you must be thinking of alternate uids?
>
> To be honest with you, I'm beginning to wonder what the signatures are
> attached to. ;o(

Other people sign your uids to verify that the uid is associated with your
primary key.  You also sign your uids, so that it is known that the uid is
attached to your key.

> Signing (master) Key or Signing subkey? Are any signatures attached to
> any subkeys? If not, then I can begin to understand what Frank was
> referring to.

Only you sign your subkey, to indicate that it is tied to your public key.

Forgive me if this is inaccurate, but this is what I remember from trying
to implement a key structure in GnuPG::Interface that mimicked RFC 2440:

Primary Key
  ->uid1
    -> you sign
    -> bob signs
    -> alice signs
  -> uid2
    -> you sign
    -> charlie signs
  -> subkey1
    -> you sign
  -> subkey2
    -> you sign

-- 
Frank Tobin		http://www.neverending.org/~ftobin/