Compatibility problem ??

David Shaw
Wed Mar 13 16:43:02 2002

On Wed, Mar 13, 2002 at 11:57:57AM +0100, Volker Gaibler wrote:
> On 12 Mar 2002, at 22:14, Werner Koch wrote:
> > Another reason for this might be that the key has been retrieved from
> > a keyserver and the keyserver removed the (encryption) subkeys due to
> > a bug. 
> On 12 Mar 2002, at 10:01, Steve Butler wrote:
> > Your message almost sounds like you sent them a public key that can only
> > sign but not encrypt. 
> Thanks for your hints. A keyserver problem is not possible because I did not 
> use a keyserver (I first wanted to try this with a test key without spreading 
> it). 
> I think I have an answer although I don't really know whether I did
> something wrong. The ElGamal subkey is present (for encryption only)
> but there is also a DSA subkey. GPG has no problems with that subkey
> but I think PGP 6/7 (which I've tried) can't handle it because
> everything worked after I removed it.

Yes.  PGP does not support signing subkeys.

> As I read in the OpenPGP-RFC it should be compliant to have such a DSA
> subkey but it's no problem that I can't use it because I didn't want
> to do this later anyway. Only the top level key provides signature
> services so this should not be of any practical use to me - or is
> it?

There is a practical use - many people like to set expiration dates on
their subkeys and/or rotate them every now and then.  Using a signing
subkey this way means you don't have to generate a new key and get it
signed each time.

Using a signing subkey also means you can keep your primary key
offline and just use the subkeys for signing and encryption.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson