Virtual Keysignings

David Shaw dshaw@jabberwocky.com
Fri Jun 6 15:27:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Jun 06, 2003 at 11:22:03AM +0200, Werner Koch wrote:
> On Fri, 6 Jun 2003 09:20:42 +0200, Adrian 'Dagurashibanipal' von Bidder said:
> 
> > I usually send the key in an encrypted email to the email address in the 
> > userid, I think this takes care of this problem. The poeple who have enough 
> 
> I don't have an encryption subkey on my certification key.  So this
> won't work for me and some others.  However, I will reconsider this,
> now that PGP 8 can cope with signing subkeys.

Be careful.  Someone was unable to encrypt a message to me using PGP 8
and it turned out there is a bug.  A key with a signing subkey that is
newer than the encryption subkey cannot be used for encryption in PGP
8 (or 8.0.2).  A key where the encryption subkey is newer than the
signing subkey can be used for encryption.

This doesn't mean you can't have a signing subkey, but it does mean
the most recent valid subkey must be an encryption subkey, or else you
can't encrypt to the key in PGP 8.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+4JbG4mZch0nhy8kRAlqDAJ9Qd5sDKBXypr6kmRGoC7a7CBbNIwCfRkyi
cRC9QOq0BsIguUhlSdOJYXg=
=4/zu
-----END PGP SIGNATURE-----