2.0.14 --gen-key interface nit
MFPA
expires2010 at ymail.com
Tue Mar 23 19:09:44 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Tuesday 23 March 2010 at 2:27:10 PM, in
<mid:208676D2-157A-4733-B4AC-62662FDA0562 at jabberwocky.com>, David Shaw
wrote:
>>> On Mar 22, 2010, at 8:48 AM, MFPA wrote:
>> I was thinking about the "special case"
>> of users who maintain a "personal master key" to
>> collect and issue web of trust signatures and to sign
>> the "production" keys they actually use for encryption
>> and signing files or email. That set-up would be
>> well-served by the production keys being unable to
>> certify.
> Issuing a web of trust signature or signing production
> keys *are* certifications.
Yes. That's why I said "the production keys being unable to certify,"
since such a user would perform these tasks with their "master" key.
> If key couldn't certify, it
> couldn't even make self-sigs on itself
Even though I knew that a key or UID should be considered suspect if
not self-signed, the penny hadn't dropped that the self-sig was a
"certification" in the same way as a web of trust signature.
> (so no user IDs, or subkeys either)
What happens if somebody converts a subkey into a primary key?
Can they then create UIDs and subkeys for it?
- --
Best regards
MFPA mailto:expires2010 at ymail.com
Versifiers write poems for it.
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS6kD76ipC46tDG5pAQpUbQQAtoGwY6SJG7WzYc7XPp/4nrvw5janoIoC
YVuW5HIfNXPROUGAp4S0WrfxQtQwADN93FbAEGIEpLkEn5sp3il/ByvHU4axydDz
AOqG2EpWf0isHIMvfPXtxWRAtbGfZ80MsgV5e9/XwNjy6mWyU8yQqswscnb5W/dC
1NjOHaqY9jk=
=664R
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list