BUG: Web of trust circumvention by secret key distribution
Rodney Thayer
rodney at tillerman.to
Thu Dec 7 08:28:11 CET 2000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
no. NAI PGP does that, and they end up with a user interface
which causes you to treat all keys as "untrusted" unless you've
signed them yourself.
Please, GPG's UI is nasty enough, let's not make it even harder to use.
At 01:59 AM 12/7/00 -0800, L. Sassaman wrote:
>Actually, a simpler solution would be to require that the user set the
>implicit ultimate trust on the secret key manually, correct?
>
>- --Len.
>
>On 7 Dec 2000, Florian Weimer wrote:
>
> > This is just some more stuff from the 'cracking GnuPG by cheating'
> > department.
> >
> > GnuPG accepts secret keys from key servers.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBOi+6mz/0TyQ4fTjtEQKpfwCg5YCHM1YHbGfeawrEGbUuPHW+JGQAoMnn
zauTif8K3ml5O0SbLAU6yLVt
=bLZx
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list