Several questions as feedback on gnupg
Lionel Elie Mamane
Wed Jan 23 20:16:01 2002
Content-Type: text/plain; charset=us-ascii
On Wed, Jan 23, 2002 at 04:45:10PM +0100, Loic Bernable wrote:
> - I've been told the different running keyservers do not support the
> deletion of an uid.
Yup. Only addition of things (signatures, UID's, subkeys, keys...) is
> - I've read somewhere that some french people asked Werner to contact
> french administration (SCSSI) to legalize the use of GnuPG in France.
The copyright belongs to the FSF, so the FSF "should" do it. But this
declaration is only valid for one particular exact version, and free
software evolves so fast, ...
> - I realized during a demonstration that no authentication is needed
> when modifying the trust values, and in particular assigning a higher
> trust value. Can't it be a problem ?
If anyone has access to your user account on your computer, you are in
big trouble anyhow. If I can edit files in your homedirectory (and
changing trusts needs that), there are much more subtle ways to screw
> - A friend of mine pointed out the problem that may occur with persons
> who have a common name and surname.
That's why you should check the e-mail part of the UID too, before you
sign the UID.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----