Problems with v3 keys?

David Shaw dshaw@jabberwocky.com
Wed Feb 27 15:32:02 2002


On Tue, Feb 26, 2002 at 01:27:35PM -0500, David Shaw wrote:
> On Tue, Feb 26, 2002 at 10:18:23AM -0800, Len Sassaman wrote:
> > On Tue, 26 Feb 2002, David Shaw wrote:
> > 
> > > > And yes, I have allow-non-selfsigned-uid in my options file.
> > >
> > > The problem is the non-selfsigned uid.  The allow-non-selfsigned-uid
> > > option allows you to import the key (which lets you use it to verify
> > > signatures, etc).  It doesn't allow you to encrypt to it.
> > 
> > Ugh. That's broken behavior for allow-non-selfsigned-uid, isn't it?
> 
> It's documented that way ("This only allows the import - key
> validation will fail and you have to check the validity of the key by
> other means").
> 
> The fact that --always-trust doesn't let you use such a key is
> certainly broken though :(

FYI, I just committed a fix for this.  You can now use --always-trust
to trust a non-selfsigned key.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson