back signatures

Alphax alphasigmax at gmail.com
Mon Nov 7 14:25:02 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote:
> On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote:
> 
>>David Shaw wrote:
>>
>>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
>>>
>>>
>>>>Salve!
>>>>Can somebody explain to me what "back signatures" are?
>>>>The manual is not very clear about this.
>>>
>>>
>>>It's a countermeasure against an attack against signing subkeys.
>>>Basically, the primary key signs all subkeys.  With backsigs, the
>>>signing subkey also signs the primary key.
>>>
>>>Without this, an attacker can "steal" a signing subkey from someone
>>>else and try and pretend that a signature came from his own key.  It's
>>>not a particularly good attack: the attacker can't issue signatures to
>>>prove his ownership.
>>>
>>
>>Will this remove the possibility of moving subkeys from one primary key
>>to another / converting primary keys to subkeys (documented at
>>http://atom.smasher.org/gpg/gpg-migrate.txt)?
> 
> 
> No, it's unrelated to that.  It's a countermeasure against a (somewhat
> weak) attack.  It has nothing to do with various bit twiddling you can
> do to your own key.
> 

So how /do/ they work (and how does one go about moving subkeys between
keys)?

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
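
The countermeasure described in the quoted reply above, as an added example that is not part of the original thread or GnuPG's own code: a toy model in which the primary key signs the subkey and the signing subkey signs back. It uses textbook RSA over Mersenne primes purely for illustration; the certificate dictionary and all function names are assumptions, and no real OpenPGP packet format is used.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keygen(k1, k2):
    """Toy RSA key from two Mersenne primes 2**k - 1 (demo only, not secure)."""
    p, q = 2**k1 - 1, 2**k2 - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return sig is not None and pow(sig, E, n) == _digest(data, n)

def binding_data(primary_n, subkey_n):
    # Both the binding signature and the back signature cover this pair.
    return b"bind:%d:%d" % (primary_n, subkey_n)

def make_cert(primary, subkey_n, subkey_priv=None):
    """Hypothetical certificate: the backsig needs the subkey's private half."""
    data = binding_data(primary["n"], subkey_n)
    return {"primary": primary["n"], "subkey": subkey_n,
            "binding": sign(primary, data),  # primary key signs the subkey
            "backsig": sign(subkey_priv, data) if subkey_priv else None}

def verify_message(cert, msg, sig, require_backsig=True):
    data = binding_data(cert["primary"], cert["subkey"])
    if not verify(cert["primary"], data, cert["binding"]):
        return False
    # The back signature proves the subkey holder agreed to this primary key.
    if require_backsig and not verify(cert["subkey"], data, cert["backsig"]):
        return False
    return verify(cert["subkey"], msg, sig)

# Constructed sample keys and message.
victim, victim_sub, attacker = keygen(89, 107), keygen(127, 521), keygen(607, 1279)
victim_cert = make_cert(victim, victim_sub["n"], victim_sub)
# The other key holder binds the victim's public subkey under his own primary;
# he can issue the binding signature but not the back signature.
stolen_cert = make_cert(attacker, victim_sub["n"])
msg = b"constructed sample message"
msg_sig = sign(victim_sub, msg)
```

With `require_backsig=False` the victim's signature also verifies under `stolen_cert`; with the check enabled it verifies only under `victim_cert`, and copying the victim's back signature into `stolen_cert` does not help because it covers the victim's primary key.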
