using a key without self-signature

David Shaw
Thu May 16 14:23:02 2002

On Thu, May 16, 2002 at 08:56:24AM +0200, Werner Koch wrote:
> On Wed, 15 May 2002 15:39:11 -0700 (PDT), Len Sassaman said:
> > May I suggest that if a uid is signed (or lsigned) by an ultimately
> > trusted key, and there is no uid revocation, that it should be usable
> > without the allow-non-selfsigned-uid flag?
> I also have this idea for quite some while but at that time it was not
> possible to sign such a key at all so I didn't bother to implement it.
> We can now implement it and I think it is a good idea.

This is one of those things that I agree we should support, but also
try and get people not to use.  It has the valid purpose of putting
the user in control of what keys are considered valid.  Unfortunately,
I suspect that it'll be used as a finer-grained allow-non-selfsigned,
which is not necessarily the right (most secure) thing to do.

In virtually all cases, the owner of the non selfsigned key has the
ability to selfsign it.  We should encourage people to get the key
signed by the owner, and use this only as a last resort.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson