On Wed, Jan 27, 2016 at 07:53:09PM -0500, Daniel Kahn Gillmor wrote:
> * authentication-capable subkeys that have no embedded cross
>certification should probably have a yellow alert.
Are there examples of authentication-capable subkeys with embedded cross-certs
in the wild?
Package: hopenpgp-tools
Version: 0.17-1
Severity: normal
currently, hokey lint does some verification about the quality of the
primary key and the cryptographic details of the user-id and
user-attribute binding signatures.
However, the subkey binding signatures (and related cross-signatures)
are