[Announce] new gnupg snapshot
Sat Apr 7 00:58:01 2001
Andrew McDonald, at 20:33 +0100 on Fri, 6 Apr 2001, wrote:
IIRC, if you have a secret key it is ultimately trusted by default.
Persuading you to import a secret key could, therefore, subvert your
web of trust.
There are two issues here:
1) importing trust
2) importing a secret key
Your arguments seem to state that importing a secret key implies importing
trust. Why would GnuPG _ever_ import trust without direct user knowledge?
I'm not clearly seeing why importing a secret key, alone, is any threat.
Frank Tobin http://www.uiuc.edu/~ftobin/