No warning on 'gpg -a -o somewhere.gpg -s -r someone <file>'
Len Sassaman
rabbi at quickie.net
Fri Nov 9 20:36:01 CET 2001
On 9 Nov 2001, Pascal Scheffers wrote:
> > > something that is not an ultimately trusted key. Add that restriction
> > > and you're fine.
> >
> > Except that in most implementations of OpenPGP, *cough NAI's PGP cough*,
> > such user-ids would be indistinguishable at a glance from owner-created
> > ones.
> Ehm, wouldn't current implementations just *reject* a UID signature
> that was not made by the key it self? That's how they work: they're only
> valid if they are signed by the key it self...
Incorrect.
--
Len Sassaman
Security Architect | "Now it's all change --
Technology Consultant | It's got to change more."
|
http://sion.quickie.net | --Joe Jackson
More information about the Gnupg-devel
mailing list