Lionel Elie Mamane lionel at mamane.lu
Tue Sep 6 01:03:00 CEST 2005

On Mon, Sep 05, 2005 at 04:46:46PM -0400, David Shaw wrote:
> On Mon, Sep 05, 2005 at 09:35:50PM +0200, Lionel Elie Mamane wrote:
>> On Mon, Sep 05, 2005 at 01:46:07PM -0400, David Shaw wrote:

>>> It's not necessarily a good idea though: some people before agreeing
>>> to sign a key will ask for a signed message to prove that you "own"
>>> the secret portion of the key they are about to sign.

>> I would obviously have at least one data-signing subkey. I presume
>> these people would take a signature from such a subkey. Or
>> decryption of a nonce they sent me encrypted to an encryption
>> subkey.

> They might, but really shouldn't (I wouldn't).  When you make a
> certification signature on someone else's key, you're signing the
> primary key plus the user ID in question.  There is no benefit in
> receiving a signed challenge from any key other than the primary.

But that subkey is attached to the primary key by a signature of the
primary key. Isn't then control of that subkey enough to "prove"
control of the primary key?


 1) Signature scheme cryptographically broken. We have a bigger

 2) Primary key owner has done stupid things, like sharing subkeys
    with others. But if we assume he has done that, we might as well
    assume he would sign the challenge a man-in-the-middle attacker
    has forwarded him or shared his primary key or ...

Where's the flaw in the reasoning?

>> You could argue I could have this without marking the key as
>> certificate-only, by never issuing data signatures with the primary
>> key. That's harder on me. I have to be more cautious. Over the course
>> of twenty years, I *will* screw up.

> GnuPG actually makes it hard for you to screw up here.  If there is
> a subkey that can sign, GnuPG will use it rather than the primary.
> The only way to get a signature (as opposed to a key certification)
> from the primary is to specify its key ID explicitly with an
> exclamation point.

Ah. Good. I just hope mutt doesn't pass the KeyID with an exclamation
point. Should check that.
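
A check for the key layout discussed in this message (a certification-only primary key plus a separate signing subkey), as an added example that is not part of the original post. It parses the machine-readable output of `gpg --list-keys --with-colons`, where field 12 carries the capability letters; the sample listing, key IDs and function name are constructed for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (IDs and dates are made up).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1125900000:::u:::cESC::::::
uid:u::::1125900000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1125900000::::::s::::::
sub:u:2048:1:CCCCCCCCCCCCCCCC:1125900000::::::e::::::
sub:r:2048:1:DDDDDDDDDDDDDDDD:1125900000::::::s::::::
"""

# Validity letters (field 2) treated here as unusable: revoked, expired, invalid.
UNUSABLE = {"r", "e", "i"}

def audit(colon_listing):
    """Return one (primary_keyid, cert_only, signing_subkeys) tuple per primary key.

    cert_only is True when the primary key's own capabilities are exactly
    'certify'. On a pub record, lowercase letters in field 12 describe the
    primary key itself; uppercase letters summarise the whole key including
    subkeys, so they are ignored for this check.
    """
    results = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if len(fields) < 12:
            continue  # not a record with a capability field
        rec_type, validity, keyid, caps = fields[0], fields[1], fields[4], fields[11]
        if rec_type == "pub":
            own_caps = {c for c in caps if c.islower()}
            results.append([keyid, own_caps == {"c"}, []])
        elif rec_type == "sub" and results:
            # A subkey belongs to the most recent pub record above it.
            if "s" in caps and validity not in UNUSABLE:
                results[-1][2].append(keyid)
    return [tuple(r) for r in results]

if __name__ == "__main__":
    for keyid, cert_only, signers in audit(SAMPLE):
        print(f"primary {keyid}: certification-only={cert_only}, "
              f"usable signing subkeys={signers or 'none'}")
```

To run it against a real keyring, pass in the text produced by `gpg --list-keys --with-colons` in place of `SAMPLE`.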


