protecting pub-keys from unwanted signatures

Stefan Claas admin at zwiebelfreund.de
Sun Aug 16 16:26:16 CEST 2015


On Sun, Aug 16, 2015 at 11:18:20AM +0000, Philipp Schafft wrote:
> reflum,
> 
> On Sun, 2015-08-16 at 10:10 +0200, Stefan Claas wrote:
> > Hello Werner and all,
> > 
> > after seeing Facebook's public key a couple of days ago,
> > I was wondering if it's possible to enhance GnuPG in a
> > future version, so that it no longer allows someone to
> > sign a public key without approval of the owner.
> 
> Maybe you can explain your use case a bit.
> Think about this:
> You can easily create a little document with the fingerprint of the key
> you want to sign, timestamp, maybe other notions and sign that. Then you
> can publish this document. In fact the signature on a key is very
> similar to such a document. Just that it has a machine readable
> structure.
> 
> -- 
> Philipp.
>  (Rah of PH2)

If I understand you correctly, it would not help me if someone
would sign my key without my approval, so to speak.

What I meant with my initial post was that it should in the
future not be possible to sign someone's pub key directly, to
prevent unwanted signatures. Sure, one can revoke his/her pub
key, but how often would you like to do that if a "prankster"
has lots of energy?

I also forgot to mention in my first post that it would also
require that Alice has to enter her secret key passphrase to
authorize Bob's Signature Request Certificate, after validating
Bob's request cert.

I think it would be a welcome addition for a future version of
GnuPG.

Regards
Stefan




More information about the Gnupg-users mailing list