How trust works in gpg...

Werner Koch wk at
Wed Apr 16 09:42:05 CEST 2008

On Tue, 15 Apr 2008 20:04, dshaw at said:

>> I remember Werner saying that this was just nonsense.
>> Werner, can you correct me if I'm wrong?
> Not enough information above to say nonsense or not.  There are silly
> ways to use challenges and non-silly ways.

What I meant are proofs based on the ability to decrypt a message.  That
is not going to work if you do not have an encryption subkey. 

Regarding signing challenges; they are fine as along as a signing subkey
is available.  Like me, some folks keep their primary key offline and
may even use a dedicated box for signing keys.  The challenges are thus
somewhat cumbersome.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list