Certification Subkey
Tom Ritter
tom at ritter.vg
Sun Jan 3 17:25:19 CET 2016
I'm curious about creating a subkey capable of certifying other PGP
keys. I don't think this is disallowed by the spec (although I'm not
certain about that).

It's easy enough to create a subkey with the certification bit by
hacking the source. I haven't quite gotten the signing-with-a-subkey
component working, but it's obviously possible. The signer would need
the custom version of gpg, but that's easy.

I know it goes against the standard practice model of OpenPGP, but
short of replicating an x509 hierarchy in OpenPGP (which would not work
well, due to requiring clients to download the 'intermediate' keys for
'leaf' verification) - this seems like my best bet at the moment...

What I'm mostly interested in is _verifying_ signatures made with a
subkey. Has anyone attempted this before, and does anyone know if
default gpg and/or other tools completely choke on this? It obviously
wouldn't be worth attempting if no one could verify the signatures.

-tom