published key security levels

Hauke Laging mailinglisten at
Thu May 13 01:03:50 CEST 2010

On Wednesday 12 May 2010 20:29:18, Joel C. Salomon wrote:

> I generate two keys, one low-security (e.g., “Joel Salomon webmail”) and
> one high-security (“Joel Salomon smartcard”).  I sign the low-security
> key with my high security key, but I don’t ask others to sign it; the
> only key I put into the web of trust is my high-security key.
> If the low-security key is compromised, can the attacker rename it (or
> otherwise fool people into thinking it’s my high-security key) without
> removing my (high-security) signature on the key?

The main problem is: How do people recognise your high security key as such? 
By the comment only?

The next problem: (AFAIK) You cannot prevent people from signing your keys.

Furthermore this feels a bit strange to me. The basic rule is: The more 
signatures, the better. And now a feature shall be based on avoiding 
signatures? :-S


PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

More information about the Gnupg-users mailing list