allow-non-selfsigned-uid issue with key from keys.openpgp.org that contains no identity information
wk at gnupg.org
Thu Aug 1 13:37:26 CEST 2019
On Mon, 29 Jul 2019 09:43, gnupg-users at gnupg.org said:
> it that way", i think. Perhaps Werner can provide more background on
> why GnuPG is generally resistant to holding OpenPGP certificates that
> have no User ID at all in its local keyring.
The user ID is important because the accompanying self-signature conveys
important information about the keyblock. For example expiration date
and preferences. It is true that this can also be conveyed with
direct-key-signatures (a self-signature directly on a key which was
mainly introduced for dedicated revocations). However, this is a not so
well tested feature of gpg and my educated guess is that many other
OpenPGP implementations do not handle direct-key signatures in a way
compatible to pgp or gpg - if at all. Thus by relying on them we would
sail into uncharted waters.
> Doing such a merge would be super helpful, particularly for receiving
> things like subkey updates and revocation information from
I agree that we can add a code path to import a primary key plus
revocation certificate but without user-ids. PGP, however, does not
support this and is the reason why we extended the revocation
certificate with a minimal primary key.
Update of subkeys is a different issue and I see no solid use case for
allowing that without user-id (cf. expiration date of the primary key).
Thoughts are free. Exceptions are regulated by a federal law.
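An added illustration, not part of the message above and not GnuPG code: a packet walker that reports whether a binary OpenPGP keyblock carries User ID packets, subkeys, direct-key signatures (type 0x1F) or key revocation signatures (type 0x20), which are the cases the message distinguishes. The function names `packets` and `summarize` are hypothetical, the sample bytes are constructed, and no signature is verified.

```python
# Added example: structural view of a binary (non-armored) keyblock; nothing is verified.
TAG_SIG, TAG_USERID, TAG_SUBKEY = 2, 13, 14
SIG_NAMES = {0x1F: "direct_key_sigs", 0x20: "key_revocations"}
def packets(data):
    """Yield (tag, body) per packet, following RFC 4880 section 4.2."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body length in a keyblock")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            size = 0 if ltype == 3 else 1 << ltype   # type 3: body runs to end of data
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def summarize(keyblock):
    out = {"user_ids": 0, "subkeys": 0, "direct_key_sigs": 0, "key_revocations": 0}
    for tag, body in packets(keyblock):
        if tag == TAG_USERID:
            out["user_ids"] += 1
        elif tag == TAG_SUBKEY:
            out["subkeys"] += 1
        elif tag == TAG_SIG and len(body) > 2:
            sig_type = body[2] if body[0] == 3 else body[1]   # v3 vs v4 layout
            if sig_type in SIG_NAMES:
                out[SIG_NAMES[sig_type]] += 1
    return out
# Constructed sample (dummy bodies, not real key material): primary key + revocation, no User ID.
SAMPLE = bytes([0xC6, 3, 4, 0, 0]) + bytes([0xC2, 3, 4, 0x20, 0])
```

A result with `user_ids` equal to 0 and `key_revocations` of at least 1 corresponds to the primary-key-plus-revocation case from the message; the input must be dearmored first.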