[PATCH v4] filter and verify keyserver responses
Werner Koch
wk at gnupg.org
Wed Jun 25 20:14:39 CEST 2014
On Wed, 25 Jun 2014 16:22, jerome at jerome.cc said:
> A filter that imports only keys authenticated by one or more given
> key(s) (identified by its(their) fingerprint(s))?
No.
> keyserver, a user won't be able to download a rogue key that has not
> been authenticated by the organization's key(s).
Do not rely on the content of the standard keyring. You MUST somehow
make sure that the key is authentic - using the keyring is not a
repalcement for that.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list