key question
David Shaw
dshaw at jabberwocky.com
Fri Feb 26 23:08:28 CET 2010
On Feb 26, 2010, at 4:10 PM, MFPA wrote:
>>> Just curious... Does support just mean it sets the
>>> bit? Or will it turn an attempt to --send-keys on
>>> that key into a no-op?
>
>> Support means it gives the user the ability to set and
>> clear the bit (it is set by default).
>
> Would there not be some merit in honouring the flag by (at least)
> giving an extra warning to answer if you execute --send-keys to upload
> a key with that bit set?
I don't think so. At best it's a false sense of security to block or warn on "gpg --send-keys xxxx" but not on (for example) "gpg --export xxxx" (which is then followed by sending the key via a web browser or email). It also doesn't affect PGP. I'd rather not give the user the impression that this is more than it is.
Plus (and I'll admit to a level of amusement in this situation), virtually all keys generated with GPG have the no-modify bit set, as it's the default. It would thus block/warn on most every key.
David