BUG: Web of trust circumvention by secret key distribution

Werner Koch wk at gnupg.org
Thu Dec 7 18:37:42 CET 2000


On Thu, 7 Dec 2000, Rodney Thayer wrote:

> no.  NAI PGP does that, and they end up with a user interface
> which causes you to treat all keys as "untrusted" unless you've
> signed them yourself.

However, signing the secret key does not help much because this would 
also need to drop all signatures from secret keys during import.

Ex-/importing secret keys is something you do only in very rare
case, so having to add an option to do this is not that bad.

  Werner
  



More information about the Gnupg-devel mailing list