Problems with v3 keys?
David Shaw
dshaw@jabberwocky.com
Wed Feb 27 15:32:02 2002
On Tue, Feb 26, 2002 at 01:27:35PM -0500, David Shaw wrote:
> On Tue, Feb 26, 2002 at 10:18:23AM -0800, Len Sassaman wrote:
> > On Tue, 26 Feb 2002, David Shaw wrote:
> >
> > > > And yes, I have allow-non-selfsigned-uid in my options file.
> > >
> > > The problem is the non-selfsigned uid. The allow-non-selfsigned-uid
> > > option allows you to import the key (which lets you use it to verify
> > > signatures, etc). It doesn't allow you to encrypt to it.
> >
> > Ugh. That's broken behavior for allow-non-selfsigned-uid, isn't it?
>
> It's documented that way ("This only allows the import - key
> validation will fail and you have to check the validity of the key by
> other means").
>
> The fact that --always-trust doesn't let you use such a key is
> certainly broken though :(
FYI, I just committed a fix for this. You can now use --always-trust
to trust a non-selfsigned key.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson