[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Migrating keys
From: Adrian von Bidder <avbidder () fortytwo ! ch>
Date: 2003-11-28 10:42:25
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Thursday 27 November 2003 21:29, Atom 'Smasher' wrote:
> in one case (based on a signed email) one might (or might not) explicitly
> sign a new key... in the other case (a new sub-key is generated) one has
> implicitly (and unknowingly) signed the new sub-key.
You never sign the subkey - I do usually not look at subkeys when I sign a
key, since it's entirely in the keyholder's interest to properly manage the
subkeys. If you're paranoid about a subkey, then only trust signatures from
the primary. You could also add a notation subpacket when signing a key and
list the available subkeys at the time of your signature.
The question here is: against what type of attack are you trying to defend?
cheers
-- vbi
--
featured link: http://fortytwo.ch/smtp
[Attachment #5 (application/pgp-signature)]
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic