Trust, UIDs, signing & revoking

Mark Brown broonie@sirena.org.uk
Wed Nov 21 02:08:01 2001


--0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Nov 20, 2001 at 04:36:34PM -0800, Len Sassaman wrote:

> Have you actually verified that this is how PGP does its trust
> calculations internally? There may be some differnence between what is
> displayed in PGPkeys and what is done in the SDK.

I'm only certain about having verified with PGPkeys although I beleive
the issue was pointed out to me when someone managed to encrypt
something to an ID they beleived should've been invalid without
noticing.  I can check the latter tomorrow.  I don't have access to the
SDK.

I'd still say that a problem in PGPkeys is fairly serious.

--=20
"You grabbed my hand and we fell into it, like a daydream - or a fever."

--0OAP2g/MAC+5xKAE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7+v4GJ2Vo11xhU60RAoKJAKDCcspfhtqlXjPdxY7BJkklF9WI2wCgq+e2
Bk34VskcOFTkeHWiqlN+Aiw=
=DUCt
-----END PGP SIGNATURE-----

--0OAP2g/MAC+5xKAE--