Key Flags Discontinuity
David Shaw
dshaw at jabberwocky.com
Mon Jul 28 22:42:15 CEST 2008
On Mon, Jul 28, 2008 at 01:09:18PM -0700, Loren M. Lang wrote:
> There seems to be a discontinuity on the usage of key flags between the
> primary key and subkeys. The key flags for subkeys are stored in the
> subkey binding signature of which there is one and affects all trust
> on that subkey. The primary key's key flags are stored in the
> self-signatures of its various user ids linking it to the trust of a
> specific user id. It seems to me that it would be more appropriate to
> put the key flags in a direct key signature (0x1F) of the primary key.
> Is this allowed by OpenPGP?
Allowed, yes. Actually done, no. There is a good bit of historical
"this is the way we do it" in OpenPGP, and this is one of those
cases. OpenPGP allows key flags to be in either a user ID signature
(0x10-0x13) or the direct key signature (0x1F). In practice, everyone
puts them in the user ID signature.
David
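
Added example, not part of the original message and not GnuPG code: a small Python reader for a version 4 signature packet body (layout per RFC 4880) that reports which kind of signature carries the key flags subpacket (type 27). The sample packets are constructed for illustration, have no signature MPIs, and the function names are assumptions of this example.

```python
# Signature types (RFC 4880, section 5.2.1) discussed in the thread.
SIG_KINDS = {0x10: "user ID certification (generic)",
             0x11: "user ID certification (persona)",
             0x12: "user ID certification (casual)",
             0x13: "user ID certification (positive)",
             0x18: "subkey binding", 0x1F: "direct key"}
KEY_FLAGS = 27  # subpacket type
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
              0x08: "encrypt-storage", 0x20: "authenticate"}

def subpackets(area):
    """Yield (type, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            low = int.from_bytes(area[i + 1:i + 2], "big")
            length, i = ((first - 192) << 8) + low + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        # Length covers the type octet; bit 7 of the type is the critical bit.
        yield area[i] & 0x7F, area[i + 1:i + length]
        i += length

def key_flags_location(sig_body):
    """Return (signature kind, flag names) from the hashed subpacket area."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    kind = SIG_KINDS.get(sig_body[1], hex(sig_body[1]))
    hashed_len = int.from_bytes(sig_body[4:6], "big")
    hashed = sig_body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("hashed subpacket area is truncated")
    for sp_type, body in subpackets(hashed):
        if sp_type == KEY_FLAGS and body:
            return kind, [n for bit, n in FLAG_NAMES.items() if body[0] & bit]
    return kind, []

# Constructed samples: version 4, sig type, RSA, SHA-256, creation time
# subpacket, key flags subpacket, empty unhashed area, zeroed hash prefix.
SAMPLE_UID_SIG = bytes.fromhex("04 13 01 08 0009 05 02 488e2f17 02 1b 03 0000 0000")
SAMPLE_DIRECT_SIG = bytes.fromhex("04 1f 01 08 0009 05 02 488e2f17 02 1b 03 0000 0000")
SAMPLE_SUBKEY_SIG = bytes.fromhex("04 18 01 08 0009 05 02 488e2f17 02 1b 0c 0000 0000")
```
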