back signatures

David Shaw dshaw at jabberwocky.com
Mon Nov 7 00:01:26 CET 2005


On Sun, Nov 06, 2005 at 09:54:01PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
> 
> >>It's a countermeasure against an attack against signing subkeys.
> >>Basically, the primary key signs all subkeys.  With backsigs, the
> >>signing subkey also signs the primary key.
> >>
> >>Without this, an attacker can "steal" a signing subkey from someone
> >>else and try and pretend that a signature came from his own key.  It's
> >>not a particularly good attack: the attacker can't issue signatures to
> >>prove his ownership.
> >>   
> >>
> >I should add that this is a new feature for 1.4.3.

> Can keys created before 1.4.3 be updated with that stuff?

Yes.

David
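A simplified model of the cross-certification check described in this message, added here as an illustration; it is not GnuPG's code and does not use the OpenPGP packet format. Toy RSA keys built from Mersenne primes stand in for real keys, and every function name is an assumption of the example. It shows a verifier that attributes a signature to a second primary key when only the primary-to-subkey binding is checked, and rejects that attribution once the subkey's own signature over the primary key is required.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def keygen(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(n, *parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % n

def sign(key, *parts):
    return pow(digest(key["n"], *parts), key["d"], key["n"])

def check(n, sig, *parts):
    return sig is not None and pow(sig, E, n) == digest(n, *parts)

def bound(primary_n, sub_n):
    """The data both binding signatures cover: primary key plus subkey."""
    return str(primary_n).encode(), str(sub_n).encode()

def make_cert(primary, sub_n, sub_secret=None):
    """Primary signs the subkey; the backsig needs the subkey's secret."""
    data = bound(primary["n"], sub_n)
    back = sign(sub_secret, b"back", *data) if sub_secret else None
    return {"primary": primary["n"], "subkey": sub_n,
            "binding": sign(primary, b"bind", *data), "backsig": back}

def verify(cert, msg, sig, require_backsig):
    """Accept msg as signed under cert's primary key via its subkey."""
    data = bound(cert["primary"], cert["subkey"])
    if not check(cert["primary"], cert["binding"], b"bind", *data):
        return False
    if require_backsig and not check(cert["subkey"], cert["backsig"], b"back", *data):
        return False
    return check(cert["subkey"], sig, b"msg", msg)

def demo():
    # Constructed keys: owner holds the subkey secret, other knows only its public part.
    owner, sub, other = keygen(61, 89), keygen(107, 127), keygen(521, 607)
    msg = b"constructed sample message"
    sig = sign(sub, b"msg", msg)
    own_cert = make_cert(owner, sub["n"], sub)
    claimed = make_cert(other, sub["n"])  # no subkey secret, so no backsig
    return (verify(own_cert, msg, sig, True), verify(claimed, msg, sig, False),
            verify(claimed, msg, sig, True))
```

`demo()` returns the results for the owner's certificate with the backsig required, the second holder's certificate without the requirement, and the second holder's certificate with it.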


