Seeking clarification with a few GPG concepts
Hauke Laging
mailinglisten at hauke-laging.de
Thu Aug 14 00:17:10 CEST 2014
Am Mi 13.08.2014, 22:43:41 schrieb MFPA:
> > Subkeys and third party signatures are not related
> > (today – one more problem).
>
> Why is that a problem?
Because of that OpenPGP (at least in a useful form) is not compatible
with (probably not only) German signature law. I know that this will be
replaced by new EU law in a few years but I don't know whether that
makes any change to the current requirement that the key which has a
"qualified certificate" must be stored on a smartcard (i.e. inaccessible
even to the key owner).
This problem could be solved by adding a critical signature notation
which contains the fingerprint(s) of the key(s) which the CA has created
on a smartcard. That way the key owner could create new subkeys which
would not be recognized as part of a "qualified certificate".
If you want to use OpenPGP today then the CA would have to create the
private mainkey for you and throw it away after signing the subkeys.
That would render OpenPGP quite useless.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140814/0a28e8e3/attachment.sig>
More information about the Gnupg-users
mailing list