Trust, UIDs, signing & revoking

Len Sassaman
Thu Nov 22 22:30:02 2001

On Wed, 21 Nov 2001, Mark Brown wrote:

> I'm only certain about having verified with PGPkeys although I beleive
> the issue was pointed out to me when someone managed to encrypt
> something to an ID they beleived should've been invalid without
> noticing.  I can check the latter tomorrow.  I don't have access to the
> SDK.
> I'd still say that a problem in PGPkeys is fairly serious.

I agree, definately.


Len Sassaman

Security Architect            |  "Now it's all change --
Technology Consultant         |   It's got to change more."
                              |       |              --Joe Jackson