TOFU for GnuPG
Andre Heinecke
aheinecke at intevation.de
Fri Oct 30 13:23:14 CET 2015
Hi,
On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote:
> At Thu, 29 Oct 2015 18:48:43 +0100,
>
> Johannes Zarl-Zierl wrote:
> > Out of curiosity: Does the TOFU implementation for gpg already allow for
> > key transition statements / is this planned for some point in the future?
> Unfortunately, it doesn't. This is because there is currently no
> standard way to communicate the id of the new key. I've proposed a
> solution for this for the next OpenPGP version, which is currently
> being worked on. There appears to be some interest, but unfortunately I
> haven't had time to work on that recently.
I don't fully understand why you need formalized transition statements.
Couldn't you just treat Key / UIDs that are signed by each other as "two valid
keys for this UID"?
So when I transition to another key I just sign it with the old key and GnuPG
can detect that and not show a warning about it?
This would also solve the problem that some users may have multiple keys with
the same UIDs which are both valid.
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner