pka-lookups
David Shaw
dshaw at jabberwocky.com
Thu Apr 6 03:45:19 CEST 2006
On Wed, Apr 05, 2006 at 10:56:13AM -0400, John W. Moore III wrote:
> Throughout the 'snapshot' phase of 1.4.3 this ability was turned OFF by
> default. With the release of 1.4.3 stable and the availability of
> cross-certification and pka-lookup now widely available, will the
> features once defaulted to off be defaulted to ON for the 1.4.4
> 'snapshot' releases?
It depends on the feature. Certainly require-cross-certification will
not be turned on by default in 1.4.4. Too soon.
> Also, in gpg.man the reference is "see require-cross-certification" but
> I have been unable so far to find that particular option in the Manual.
> When I do, what will I "see"?
It's there. It says:
When verifying a signature made from a subkey, ensure that the
cross certification "back signature" on the subkey is present and
valid. This protects against a subtle attack against subkeys that
can sign. Currently defaults to --no-require-cross-certification,
but will be changed to --require-cross-certification in the
future.
David
More information about the Gnupg-users
mailing list