Import a pubkey sans self-sig?

David Shaw dshaw@jabberwocky.com
Thu Apr 10 22:35:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Apr 08, 2003 at 04:10:49PM +0400, Yenot wrote:
> On Tuesday 08 April 2003 01:14 am, David Shaw wrote:
> > On Mon, Apr 07, 2003 at 03:59:03PM -0400, gabriel rosenkoetter wrote:
> > > I'd like to encipher things to keyid 75E4988D (seems to be on
> > > wwwkeys.pgp.net)... but GnuPG simply refuses to import it because
> > > it's lacking a self-signature.
> > >
> > > pgp 6.5.2 (yeah, I know, but this is a long-standing production
> > > process at work that I'm trying to update) has no trouble with this
> > > key.
> > >
> > > --expert doesn't help and we don't have a --force...
> >
> > --allow-non-selfsigned-uid
> 
> I was shocked that non-self-signed UID's were allowed at all.
> The only reason I can think of for such a UID, would be to
> annotate a local key that you don't own.  (Just as local
> signatures are used for localized key annotation.)

It's historical.  Early versions of PGP (2.x) did not automatically
self-sign user IDs.  RFC-2440 maintains that in not requiring a
self-signature.

Note that GnuPG will import and export non-self-signed user IDs, but
will never actually use a key with no self-signed user IDs unless:

1) If --allow-non-selfsigned-uid is set.
2) If a user ID is signed (or lsigned) by an ultimately trusted key.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+ldWN4mZch0nhy8kRAlACAJsGUYMPWlry1uJKaRQs8Jvd0++SuACg1Nba
4MDazUPWMJccTDNkfxHyYEU=
=dn6S
-----END PGP SIGNATURE-----
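To see which user IDs on a key fall under the rule described in the message above, the packet sequence can be inspected directly. This is an added example, not GnuPG code and not part of the original post; the function names are hypothetical. It assumes a binary (dearmored) v4 key with v4 signatures, and only matches the issuer key ID of certification signatures against the primary key, without verifying any signature cryptographically as GnuPG does.

```python
import hashlib

def _len(buf, i, two_max):  # new-format length at buf[i] -> (length, next index)
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n <= two_max:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    if n == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled")

def packets(data):
    """Yield (tag, body) for every packet of a binary (dearmored) key."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                          # new-format header
            tag, (n, i) = hdr & 0x3F, _len(data, i, 223)
        elif (hdr & 3) == 3:
            raise ValueError("indeterminate length is not handled")
        else:                                   # old-format header (PGP 2.x/6.x style)
            tag, w = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(data[i:i + w], "big"), i + w
        yield tag, data[i:i + n]
        i += n

def issuer_of(sig):
    """Issuer key ID of a v4 signature body (subpacket type 16), or None."""
    pos = 4
    for _ in range(2):                          # hashed area, then unhashed area
        end, pos = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big"), pos + 2
        while pos < end:
            n, pos = _len(sig, pos, 254)
            if (sig[pos] & 0x7F) == 16:
                return sig[pos + 1:pos + 9]
            pos += n

def uids_missing_self_sig(data):
    """Structural check only (assumes v4 key and signatures; verifies no signature)."""
    primary, uids = None, []
    for tag, body in packets(data):
        if tag == 6:                            # key ID: low 64 bits of SHA-1 fingerprint
            primary = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()[-8:]
        elif tag in (13, 17):                   # user ID / user attribute opens a new block
            uids.append([body.decode("utf-8", "replace") if tag == 13 else None, False])
        elif tag == 2 and uids and body[0] == 4 and 0x10 <= body[1] <= 0x13:
            uids[-1][1] |= issuer_of(body) == primary
    return [u for u, ok in uids if u is not None and not ok]
```

Pass it the bytes of a key file produced with `gpg --dearmor`; an empty list means every user ID carries a certification that names the primary key as issuer.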