elGamal Keys to Sign+Encrypt
Tue Jan 14 19:43:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
At 21:27 2003-01-13 -0500, you wrote:
>On Mon, Jan 13, 2003 at 04:57:06PM -0800, Len Sassaman wrote:
>> On Mon, 13 Jan 2003, David Shaw wrote:
>> > However, that said, why should a CA care? I wouldn't make the CA
>> > signing key an Elgamal signing key, but it shouldn't matter if you
>> > certify an ElGamal key.
>> It depends on your CSP. A CA is making an assertion that the entity
>> possessing the secret key corresponding to a given public key is or has
>> some bit of information included in the certificate.
>Well, I agree that it comes down to policy. My point was that there
>is no technical issue with making such a signature.
>However, it is an interesting question what the appropriate policy is.
>> If the public key algorithm is too weak to reasonably trust that the
>> private key cannot be discovered by a third party, it is not wise to
>Traditional OpenPGP certification signatures do not attempt to say
>more than some variation on "I certify that such-and-such entity (or
>role) matches such-and-such key". I'm not talking about trust
>signatures here, of course, which are a different beast. It raises
>some interesting issues whether the signer should take into account
>something other than key ownership when making a certification. There
>are of course exceptions to this, and a signer is free to do whatever
>the heck they like anyway.
>How different is the example above with signing the key of someone who
>is known to make willy-nilly bad signatures? Your certification is
>still strong, despite the poor certification policy that the keyholder
>has. On the other side of this is the fact that nobody likes to be
>the one to "enable" a weak link in the web of trust.
>No one answer here, I'm afraid.
My answer is that it is important that a CA publishes the policy. Everyone
can then decide how much to trust the CA (that applies to the robot-CA as
It might be useful with a CA with a restrictive policy: it might be more
trusted than other CA:s.
In fact it's the only reson not to have only robot-CA:s: i.e. a human CA
has the advantage to be able to perform complicated checks and have a
judgment of what to sign. Even a robot can deny to sign certain kinds of
keys ... ;-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.9096
-----END PGP SIGNATURE-----