Third-Party Confirmation signature?
Daniel Roesler
diafygi at gmail.com
Tue Jul 9 17:10:15 CEST 2019
Hmmm, ok.

Yes, I am considering ways of letting a user "whitelist" signatures on
their public key, and using the Signature Target subpacket[1] seemed
like a way to do that.

However, if gpg doesn't support a way of adding that subpacket, then
creating easy-to-copy-and-paste commands for users to use to approve
signatures becomes difficult.

What about using the Notation Data subpacket[2] to provide a pointer
to a target signature that is "approved"? I noticed in the edit-key
interface there is an option for setting notations[3]. Could a user
use gpg's edit-key to create a signature on their key that has a
notation specifying the whitelist of approved third party signature
key-ids?

[1]: https://tools.ietf.org/html/rfc4880#section-5.2.3.25
[2]: https://tools.ietf.org/html/rfc4880#section-5.2.3.16
[3]: https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#index-keyedit_003anotation

Thanks for the reply,
Daniel

On Tue, Jul 9, 2019 at 5:20 AM Werner Koch <wk at gnupg.org> wrote:
>
> On Mon, 8 Jul 2019 18:45, gnupg-users at gnupg.org said:
>
> > Is there a way to create a "Third-Party Confirmation signature"[1]
> > using the gnupg command line interface?
>
> No. You need to add code for this which also requires that you have a
> way to specify another signature packet.
>
> Are you considering using 0x50 self-signatures to approve key
> signatures?
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
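
The notation idea from the message above at the packet level, as an added example (not code from this thread or from GnuPG): it frames and parses a Notation Data subpacket per RFC 4880 section 5.2.3.16 and reads a key-ID whitelist from it. The notation name `approved-keyids@example.org` and the comma-separated value format are assumptions, and the caller is assumed to have already verified the self-signature that carries the subpacket.

```python
import struct

NOTATION_DATA = 20                    # subpacket type, RFC 4880 section 5.2.3.16
HUMAN_READABLE = 0x80                 # first flag octet: value is text
NAME = "approved-keyids@example.org"  # hypothetical notation name (assumption)

def encode_subpacket(sp_type, body):
    """Frame one subpacket: length (covers type octet + body), type, body."""
    n = len(body) + 1
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return length + bytes([sp_type]) + body

def notation_body(name, value):
    """4 flag octets, 2-octet name length, 2-octet value length, name, value."""
    n, v = name.encode(), value.encode()
    return bytes([HUMAN_READABLE, 0, 0, 0]) + struct.pack(">HH", len(n), len(v)) + n + v

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in one subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            n, i = first, i + 1
        elif first < 255:
            n, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:
            n, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if n == 0 or i + n > len(area):
            raise ValueError("truncated or malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + n]
        i += n

def approved_keyids(hashed_area, name=NAME):
    """Key IDs from notations called `name`; pass the hashed area only (unhashed is unsigned)."""
    ids = set()
    for sp_type, _critical, body in parse_subpackets(hashed_area):
        if sp_type != NOTATION_DATA or len(body) < 8 or not body[0] & HUMAN_READABLE:
            continue
        nlen, vlen = struct.unpack(">HH", body[4:8])
        if len(body) == 8 + nlen + vlen and body[8:8 + nlen] == name.encode():
            value = body[8 + nlen:].decode("utf-8", "replace")
            ids.update(k.strip().upper() for k in value.split(",") if k.strip())
    return ids
```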