There are actually two public keys?

[David Shaw]

On May 18, 2009, at 5:49 PM, James P. Howard, II wrote:

> On Mon May 18 08:45:38 2009, R.A. Hettinga <rah at shipwright.com> wrote:
>
>> The reason for it is a notion of what's called "key hygiene," and
>> that's an important concept in RSA usage. That is the notion that one
>> should never sign with an encryption key, and never encrypt with a
>> signing key.
>
> This leads indirectly to another question:  Why can't I sign someone
> else's key with a subkey?

Signing with a subkey has a slightly different meaning than signing  
with a primary key.  When you sign a key, you're actually signing a  
combination of the primary key and user ID that you chose to sign.  If  
you signed with a subkey, you'd lose the nice symmetry of signing with  
the thing that your friend is also signing on your key.  Rather, you'd  
be signing with something one "hop" away from that primary key, as the  
subkeys are signed by the primary.

Perhaps a more immediate answer is that nobody ever implemented it.   
OpenPGP itself doesn't care (OpenPGP actually doesn't specify all that  
much about trust models and the web of trust).  Historically, the web  
of trust was built between signatures between primaries, and that's  
what everyone implements today.  At one point there was talk of  
publishing a standard for the web of trust, but there didn't seem to  
be much interest in it.

>  And on a divergent note, using the black
> magic described elsewhere[1], is it bad to convert a subkey into a
> primary key and use it to sign others?

To do this, you have to have the key in primary key form in the  
(local) web of trust.  If you don't, then the signatures won't be used.

David