How trust works in gpg...

[Christoph Anton Mitterer]

Dear Werner.

On Wed, 2008-04-16 at 09:42 +0200, Werner Koch wrote:
> What I meant are proofs based on the ability to decrypt a message.  That
> is not going to work if you do not have an encryption subkey.
Could you please find the time to explain this further? Why would it
only work with an encryption subkey (or didn't you want to exclude
encryption primary keys - I know they're not supposed to be used for
encryption)?


> Regarding signing challenges; they are fine as along as a signing subkey
> is available.
This sounds interesting.
What would I now from a signing challenge? What is it exactly? Ask the
peer to sign my challenge?
Any why wouldn't it work with the primary (signing) key.


> Like me, some folks keep their primary key offline and
> may even use a dedicated box for signing keys.  The challenges are thus
> somewhat cumbersome.
I do the same. Just out of curiosity, would you suggest that those
certification-only primary-keys use just the "C" flag (I forgot the
hex-code) for the key usage, to explicitly denotes "this key is only
used for certification"?

I've already thought about this, but you might such a certification-only
primary not only to sign OpenPGP keys, but e.g. to "certify" (in a human
readable form" your own X.509 (root) certificate, or perhaps symmetric
shared secrets, or OTR keys for the Pidgin IM.
If that makes sense, it would depend on whether the RFC means with the C
flag a general certification use (not only OpenPGP keys/UIDs) or only
certification of OpenPGP keys/UIDs.
In the later case one should probably stick with "CS"

What do you think?


Greetings,
-- 
Dipl.-Inf. (FH) Christoph Anton Mitterer

eMail:
christoph.anton.mitterer at physik.uni-muenchen.de
mail at christoph.anton.mitterer.name

Jabber/XMPP:
chat at christoph.anton.mitterer.name

Ludwig-Maximilians-Universität München
Lehrstuhl für experimentelle Physik – Elementarteilchenphysik
Sektion Physik
Am Coulombwall 1
85748 Garching bei München
Germany