key-signing and stolen subkeys

David Champion dgc at uchicago.edu
Mon May 24 06:49:56 CEST 2004


* On 2004.05.23, in <Pine.BSD.4.58L0.0405231823100.55001 at erfrnepu.fhfcvpvbhf.bet>,
*	"Atom 'Smasher'" <atom at suspicious.org> wrote:
> 
> i wouldn't expect ~you~ to fall for this trick... but someone who is new
> to pgp and doesn't fully understand public key crypto can be tricked into
> using this broken keysigning protocol:

Someone who's that green can be tricked, misguided, or can himself
stumble into a lot of bad behaviors. If you try to address them all in
documentation, as in software, you wind up with a cumbersome mass that
doesn't suit the needs of some other set of users as well as it could.

Perhaps a note concerning how to go about a key signing belongs in
some kind of beginner material, but such a note should focus more on
describing good procedure more than on admonishing against bad. There
are always many more bad procedures.

-- 
 -D.    dgc at uchicago.edu                                  NSIT::ENSS
        No money,  no book.  No book,  no study.  No study, no pass.
        No pass, no graduate. No graduate, no job. No job, no money.
             T h e   U n i v e r s i t y   o f   C h i c a g o



More information about the Gnupg-users mailing list