explain nrsign & lsign?

David Shaw dshaw at jabberwocky.com
Sun Jan 28 21:37:36 CET 2007


On Sun, Jan 28, 2007 at 12:15:01PM -0800, snowcrash+gnupg-users wrote:
> > There is somewhat constant debate over the best method. ...
> 
> > the main point of signing a key is so that GnuPG (or PGP) can
> > use the signature in its trust calculations ...
> 
> good info. thanks.
> 
> last (yeah, sure ...) question, then.
> 
> does gpg, &/or do the keyservers, require *valid* email addresses for keys?
> 
> i.e., if my "A" trust-signing key will *never* be used to sign an
> email, can its assigned/defined address be, e.g.,
> 
>    trust_sig at mydomain.local

GPG doesn't care what the email address is.  Most keyservers don't
care either (with the notable exception of ldap://keyserver.pgp.com
which sends a confirmation mail to the address on the key).

> will *it*, and sigs/keys for 'real' addresses signed *by* it, be
> retrievable as such from the keyservers manually and via 'automatic'
> Key Retrieval options?

Signatures made by such a key live on other keys, so if those other
keys are retrivable, then the signatures come with.

Can you explain what you're trying to do?  In general, there are good
reasons for email addresses being real email addresses, and keys being
real keys, and so on.  There is a good amount of software here that is
designed to help you.  If you insist on throwing nails in the gears,
the software can't do its job.

David



More information about the Gnupg-users mailing list