David Shaw dshaw at
Thu Apr 6 03:45:19 CEST 2006

On Wed, Apr 05, 2006 at 10:56:13AM -0400, John W. Moore III wrote:
> Throughout the 'snapshot' phase of 1.4.3 this ability was turned OFF by
> default.  With the release of 1.4.3 stable and the availability of
> cross-certification and pka-lookup now widely available, will the
> features once defaulted to off be defaulted to ON for the 1.4.4
> 'snapshot' releases?

It depends on the feature.  Certainly require-cross-certification will
not be turned on by default in 1.4.4.  Too soon.

> Also, in the reference is "see require-cross-certification" but
> I have been unable so far to find that particular option in the Manual.
>  When I do, what will I "see"?

It's there.  It says:

    When  verifying  a signature made from a subkey, ensure that the
    cross certification "back signature" on the subkey is present and
    valid.  This protects against a subtle attack against subkeys that
    can sign.  Currently defaults to --no-require-cross-certification,
    but will be changed to --require-cross-certification in the


More information about the Gnupg-users mailing list