revoked key - was: Re: key-signing for pseudonyms
Atom 'Smasher'
atom at suspicious.org
Sat May 22 20:19:25 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 21 May 2004, David Shaw wrote:
> Currently, the main key signs all subkeys. The fix is that signing
> subkeys sign the main key as well. Since an attacker who "steals" the
> subkey cannot issue this back-signature, it is very obvious that the
> attacker key is fraudulent.
================================
is there a way to do that with encryption-only subkeys?
or is that less of a concern since a "hijacked" public key for encryption
can't be used to claim authorship of a work? although, it can cause other
FUD.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The enemy is anybody who's going to get you killed,
no matter which side he's on."
-- Joseph Heller, Catch-22
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkCvmbMACgkQnCgLvz19QePHRgCgkNyFItE/qhrrXnhlPgWjK2rA
66EAn064y7jbqJfB7LYjoi+HhMlRE3Av
=l/KR
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list