Create Subkey Binding

David Shaw
Fri Jan 24 18:47:02 2003

On Fri, Jan 24, 2003 at 11:32:24AM -0600, Richard Laager wrote:

> > In any event, both GnuPG and PGP will properly refuse to use the
> > corrupted key.  I think you need to get the s-mail people to fix
> > the bug.
> I've sent them some information on the issue. I don't know what'll
> happen, but I did what I could. Unless S-Mail follows my suggestions,
> there service is basically a webmail account that happens to use
> OpenPGP internally. However, their client is the only thing that sees
> the OpenPGP encryption, and so the user can't verify what its doing
> anyways. Since the encryption (and signing) are for S-Mail to S-Mail
> users only, very little protection is offered over a standard mail
> setup.

Indeed.  You might tell the S-Mail people that such keys also violate


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson