Migrating keys (fwd)

Atom 'Smasher' atom-gpg at suspicious.org
Thu Nov 27 22:27:06 CET 2003


> No.  When you sign a key, you sign the primary, and you sign a user
> ID.  You do not sign a subkey, and thus you are not making a statement
> in any way, shape, or form about the number, quality, or otherwise of
> the subkeys.  Don't read too much into what a key signature means.
> Key signatures have exactly nothing to do with subkeys.
===============================

i'm not trying to say that signing someone else's key is a certification
that their sub-key(s) are authentic (i'm actually trying to point out
where that common assumption breaks down), but it's generally considered
to be the case, and the current trust model doesn't complain when that
assumption is made.... in fact, the current trust model helps people feel
comfortable making that [false] assumption.

although a 3rd party signature really does bear no relationship to the sub
key(s), most of us consider it convenient to think that it does.

btw, is there a (simple) way to certify (or have certified) a sub-key, by
a 3rd party?

i can think of a few ways that are not so simple...

	...atom

 _______________________________________________
 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"There is a theory which states that if ever anyone discovers
	 exactly what the Universe is for and why it is here, it will
	 instantly disappear and be replaced by something even more
	 bizarrely inexplicable. There is another theory which states
	 that this has already happened."
		-- Douglas Adams
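
Added example, not part of the original post: the RFC 4880 packet layout behind the point under discussion. It walks a constructed key (the key IDs, the address alice@example.org and all helper names are assumptions; the signatures carry no valid cryptographic material) and reports what each signature is attached to: the third-party certification lands on the primary key and User ID, and only the primary key's own 0x18 binding signature covers the subkey.

```python
# Added example; SAMPLE is constructed data, not a real key.
PUBKEY, USERID, SUBKEY, SIG = 6, 13, 14, 2   # RFC 4880 packet tags

def parse_packets(data):
    """Split new-format packets with one-octet lengths into (tag, body)."""
    out, i = [], 0
    while i < len(data):
        hdr, length = data[i], data[i + 1]
        if hdr & 0xC0 != 0xC0 or length >= 192:
            raise ValueError("only new-format, one-octet-length packets handled")
        out.append((hdr & 0x3F, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def sig_info(body):
    """Return (signature type, issuer key ID) from a v4 signature packet body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    sigtype, pos, issuer = body[1], 4, None
    for _ in range(2):                       # hashed area, then unhashed area
        n = int.from_bytes(body[pos:pos + 2], "big")
        area, pos = body[pos + 2:pos + 2 + n], pos + 2 + n
        j = 0
        while j < len(area):                 # subpacket: 1-octet length, type, data
            slen, stype = area[j], area[j + 1] & 0x7F
            if stype == 16:                  # Issuer key ID subpacket
                issuer = area[j + 2:j + 1 + slen].hex().upper()
            j += 1 + slen
    return sigtype, issuer

def signature_scopes(data):
    """Per signature: (issuer, signature type, what the signature is attached to)."""
    target, scopes = None, []
    for tag, body in parse_packets(data):
        if tag == PUBKEY:
            target = "primary key"
        elif tag == USERID:                  # 0x10-0x13 here certify key + User ID
            target = "primary key + User ID " + body.decode()
        elif tag == SUBKEY:                  # 0x18 here binds subkey to primary
            target = "subkey"
        elif tag == SIG:
            scopes.append(sig_info(body)[::-1] + (target,))
    return scopes

def _pkt(tag, body):                         # builder for the constructed sample
    return bytes([0xC0 | tag, len(body)]) + body

def _sig(sigtype, issuer_hex):               # v4 header, empty hashed area, issuer
    sub = bytes([9, 16]) + bytes.fromhex(issuer_hex)
    return _pkt(SIG, bytes([4, sigtype, 1, 2, 0, 0, 0, len(sub)]) + sub + b"\0\0")

OWNER, THIRD_PARTY = "AA" * 8, "BB" * 8      # constructed key IDs
SAMPLE = (_pkt(PUBKEY, b"\x04key") + _pkt(USERID, b"alice@example.org")
          + _sig(0x13, OWNER) + _sig(0x10, THIRD_PARTY)
          + _pkt(SUBKEY, b"\x04sub") + _sig(0x18, OWNER))
```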



