Global Directory signatures (was Re: GPG wants to check trustdb every day)
David Shaw
dshaw at jabberwocky.com
Thu Dec 30 00:36:03 CET 2004

On Wed, Dec 29, 2004 at 03:18:51PM -0500, Jason Harris wrote:
> On Wed, Dec 29, 2004 at 08:23:17AM -0500, David Shaw wrote:
> > On Wed, Dec 29, 2004 at 12:47:22AM -0500, Jason Harris wrote:
> > > On Tue, Dec 28, 2004 at 11:44:21PM -0500, David Shaw wrote:
>
> > > > The GD doesn't support no-modify either.
> > >
> > > It is enforcing something. It won't take any new signatures on its own
> > > key, 0xCA57AD7C, and the only signatures it has on your key, 0x99242560,
> > > all seem to be from other keys it has stored.
> >
> > Yes. As I understand it, the GD has a weak form of no-modify since it
> > does not allow new user IDs or subkeys without approval, but does
> > allow new signatures without approval. The new signatures must come
> > from a key that is already on the GD.
>
> Not for 0xCA57AD7C itself.

Yes, it seems that the GD key itself is not changing. Since the GD
has an LDAP backend, this wouldn't be hard to do.

> Your own key, 0x99242560, has two valid signatures made during the
> same (TZ=UTC) day by 0xCA57AD7C, as I mentioned in my last message.
> Specifically, they are timestamped Wed Dec 29 05:12:01 UTC 2004 and
> Wed Dec 29 05:24:00 UTC 2004. (If this was a one-time bug, fine.)

No idea. This is all black box conjecture.

David