No warning on 'gpg -a -o somewhere.gpg -s -r someone <file>'

Pascal Scheffers Pascal at Scheffers.Net
Fri Nov 9 10:35:01 CET 2001


On Fri, 2001-11-09 at 08:58, Len Sassaman wrote:
> > > upset if other people were able to export these addtional key ids.
> > Exporting should not really matter, because they would be signed by
> > something that is not an ultimately trusted key. Add that restriction
> > and you're fine.
> 
> Except that in most implementations  of OpenPGP, *cough NAI's PGP cough*,
> such user-ids would be indistinguishable at a glance from owner-created
> ones.
Ehm, wouldn't current implementations just *reject* a  UID signature
that was not made by the key it self? That's how they work: they're only
valid if they are signed by the key it self...

Pascal.





More information about the Gnupg-devel mailing list