Series of minor questions about OpenPGP 3
p4.thomas at googlemail.com
Tue Jan 27 13:46:30 CET 2009
Ok this is a first bunch of questions on signatures (again both
specific for gnupg but perhaps also common for OpenPGP).
Would be glad if someone could help me with answering these (David?! xD).
1) For the 0x11 signature the RFC says "...has not done any
verification of the claim that ..." which as far as I understand means
"The signer simply signed the key without checking the keyholders
Does gpg include this signature type in its trust-calculations or is
it simply ignored (no matter whether I directly signed another key
with a 0x11 or whether its "in the middle" of a trust-path between me
and someone else?
And if so, is this generally claimed by the RFC? I mean will every
implementation behave like this (ignoring 0x11s) when it follows the
2) Why are the 0x19 signatures only used as embedded signatures? I
mean wouldn't it be the same to simply add them as another "top level"
3) I've understood why we need a "backsignature" (the 0x19) for
signature subkeys, but why don't we need one for encryption subkeys?
4) I've looked at the different revocation signature types. It seems
that it's not possible to revoke 0x00, 0x01, 0x02, 0x40 and 0x50
Is this desired? I mean I understand that these signature types can
also be applied to casual data (and not just keys) but one could think
of "revocation servers" like keyservers that could be asked whether
some signature is still considered to be valid.
5) I've looked at the layout of v4 signatures, which lead me to two questions:
a) What does gnupg put in this unhashed area. I mean which subpacket
types (at maximum).
b) This two octet field containing the left 16 bits of the signed
hash, doesn't this allow some kind of DoS attack? In the sense that
someone that captures and modifies the OpenPGP message can change
these two octets and an implementation that looks at these would
immediately say "invalid signature"?
More information about the Gnupg-users