Can signing subkeys certify keys?

Konrad Podloucky konrad@crunchy-frog.org
Mon Nov 18 21:16:01 2002


On Mon, 2002-11-18 at 20:39, David Shaw wrote:
> [...]
> The OpenPGP standard does not specify a trust model, so you can
> theoretically use a signing subkey for anything you like.  However, as
> a practical matter it is not a good idea.  The web of trust is built
> by signatures from primaries on primaries, so a subkey signature would
> not be usable as part of the web of trust.  Because of this, signing
> subkeys are only permitted to sign data and not other keys.
>
> The --with-colons listing is incorrect here, and has been fixed for
> the next release of GnuPG.
>
Thanks for clearing things up, David. I can understand why primary keys
should be used to issue exportable signatures. However I had hoped that
I at least could use my secondary key for locally certifying keys for
convenience' sake (as I keep my primary on another non-networked
machine). Never mind, one gets used to swapping floppies I guess :)

Bye,
	Konrad

-- 
"All this marching up and down and cheering and waving flags is
 simply sex gone sour."
                        --George Orwell, "Nineteen Eighty-Four"

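An added example, not part of the original message and not GnuPG code: a Python check over `gpg --with-colons` output that applies the rule from the quoted reply (signing subkeys sign data, not keys) by reporting any `sub` record whose capability field claims certify. It assumes the documented colon layout, where field 5 is the key ID and field 12 holds the capability letters (`e` encrypt, `s` sign, `c` certify, `a` authenticate; uppercase letters on a `pub` record describe the key as a whole). The listing and key IDs are constructed.

```python
# Constructed sample in `gpg --with-colons` layout; key IDs are placeholders.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1037000000:::u:::scESC:
uid:u::::::::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1037000000::::::e:
sub:u:1024:17:CCCCCCCCCCCCCCCC:1037000000::::::sc:
sub:u:1024:17:DDDDDDDDDDDDDDDD:1037000000::::::s:
"""


def key_capabilities(listing):
    """Return (record_type, key_id, capability_letters) for pub/sub records."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Only public primary and subkey records carry what we need here;
        # skip short or malformed lines instead of failing on them.
        if fields[0] in ("pub", "sub") and len(fields) >= 12:
            keys.append((fields[0], fields[4], fields[11]))
    return keys


def subkeys_claiming_certify(listing):
    """Key IDs of subkeys whose own capability field contains 'c'."""
    return [kid for rec, kid, caps in key_capabilities(listing)
            if rec == "sub" and "c" in caps]


def primaries_able_to_certify(listing):
    """Key IDs of primary keys that carry the certify capability themselves."""
    return [kid for rec, kid, caps in key_capabilities(listing)
            if rec == "pub" and "c" in caps]


if __name__ == "__main__":
    for kid in subkeys_claiming_certify(SAMPLE):
        print(f"subkey {kid} is listed with certify capability")
    for kid in primaries_able_to_certify(SAMPLE):
        print(f"primary {kid} can certify")
```

To run it against a real keyring, pass the text produced by `gpg --with-colons --list-keys` in place of `SAMPLE`.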