[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-devel
Subject: Does RFC4880 require a (self)-signature on the mandatory User ID packet?
From: Bernhard Reiter <bernhard () intevation ! de>
Date: 2022-12-13 11:33:42
Message-ID: 202212131233.58000.bernhard () intevation ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Am Dienstag 13 Dezember 2022 10:07:07 schrieb Neal H. Walfield:
> On Tue, 13 Dec 2022 09:35:22 +0100, Bernhard Reiter wrote:
> > incompatible to the existing OpenPGP standard, by not adding the
> > necessary signature, see https://dev.gnupg.org/T4393 and blame it as
> > defect on your page
> > https://keys.openpgp.org/about/faq)
I was not precise enough, I've meant "not distributing the user ids"
(and assuming that a useful user ID packet has a self-signature.)
Thanks for pointing this out and sorry for the confusion.
> I think you are misreading the standard here. My reading of 4880 is
> the grammar for certificates explicitly says that self signatures on
> User ID packets are optional:
>
> - One or more User ID packets
> Can you point me to the text in 4880 that supports your view that User
> IDs must have self signatures?
The RFC mandates at least one User ID Packet.
Do you think the single User ID packet is useful without any (self-)signature?
Thanks,
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic