At Sun, 04 Jun 2006 03:02:19 +0930, Alphax wrote: > A subkey cannot issue a certification signature - at least not in any > known implementations.
Right, I read about that before. > PGP 8 supports signing subkeys; no other offical version of PGP before > then does. According to Tom McCune's FAQ [1] version 8.1 was the first version that supported signing subkeys for checking signatures: "GPG (but not PGP) can now generate subkeys for signing. Until PGP 8.1, PGP had no support for this, and could not verify signatures made with such a signing subkey." So, I assume that there was a version 8.0 which doesn't support them. I wonder when version 8.1 was released. > > * One can include any number of sub keys into a key, right? I ask > > because I recall reading that there was/is some problem with key > > servers and sub keys. > > PKS keyservers (pre version 0.9.6) had a bug that mangled keys with > multiple subkeys. Hm, as far as I understand it, public key servers exchange updates among each other, in oder to stay synchronized. Consider the following example: I upload a key to server A, from there it goes to server B and finally it arrives at server C: A->B->C. Now what would happen if that key contains a signature sub key and server B runs a pre 0.9.6 PKS version? Would the key end up in a mangled state on B and C? Could the mangled key propagate back to A? > > If there is any good documentation on sub keys, aside from technical > > specifications (such as RFC 2440), then please let me know. > > Adrian von Bidder wrote an excellent tutorial on subkeys at > <http://fortytwo.ch/gpg/subkeys>. I recall finding it on the web some time ago, but I didn't read it. I better do that now. BTW, there's another little question I forgot to raise in my first message: In his FAQ, Tom McCune uses the expression "4096/2048 RSA" to refer to a 2048 bit master key with a 4096 bit encryption sub key. Is this a general convention? I.e. does "foo Y/X", in general, refer to an "X" bit master key of type "foo" with an "Y" bit sub key for encryption? [1] http://www.mccune.cc/PGPpage2.htm -- Felix E. Klee _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users