
List:       gnupg-users
Subject:    Re: Migrating keys
From:       Adrian von Bidder <avbidder () fortytwo ! ch>
Date:       2003-11-28 10:42:25


On Thursday 27 November 2003 21:29, Atom 'Smasher' wrote:

> in one case (based on a signed email) one might (or might not) explicitly
> sign a new key... in the other case (a new sub-key is generated) one has
> implicitly (and unknowingly) signed the new sub-key.

You never sign the subkey - I usually do not look at subkeys when I sign a 
key, since it's entirely in the keyholder's interest to properly manage the 
subkeys. If you're paranoid about a subkey, then only trust signatures from 
the primary. You could also add a notation subpacket when signing a key and 
list the available subkeys at the time of your signature.

The question here is: against what type of attack are you trying to defend?

cheers
-- vbi
-- 
featured link: http://fortytwo.ch/smtp
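
The notation suggestion in the message above, sketched as an added example (not part of the original message and not GnuPG project code): it collects the fingerprints of a key's usable subkeys from `gpg --with-colons` output and passes them to `--cert-notation` when certifying. The notation name `subkeys-seen@example.org` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical notation name; user notations take the form tag@domain.
NOTATION_NAME='subkeys-seen@example.org'

# Read a `gpg --with-colons` key listing on stdin and print the fingerprints
# of subkeys that are neither revoked (r) nor expired (e), comma-separated.
subkey_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 0; next }                          # primary key: skip its fpr
        $1 == "sub" { want = ($2 != "r" && $2 != "e"); next }   # field 2 = validity
        $1 == "fpr" && want { out = out (out == "" ? "" : ",") $10; want = 0 }
        END { print out }
    '
}

# Constructed sample listing (not a real key): one primary key and four
# subkeys, of which one is revoked and one is expired.
sample_listing() {
    cat <<'EOF'
pub:f:4096:1:1111111111111111:1069977600:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:f::::::::Constructed User <user@example.org>:
sub:f:2048:16:2222222222222222:1069977600::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
sub:r:2048:16:3333333333333333:1069977600::::::e:
fpr:::::::::3333333333333333333333333333333333333333:
sub:f:2048:17:4444444444444444:1069977600::::::s:
fpr:::::::::4444444444444444444444444444444444444444:
sub:e:2048:16:5555555555555555:1069977600::::::e:
fpr:::::::::5555555555555555555555555555555555555555:
EOF
}

# Certify the key and record, inside the certification, which subkeys
# were present when the signature was made.
certify_with_subkey_list() {
    keyid=$1
    value=$(gpg --batch --with-colons --fingerprint --fingerprint "$keyid" \
            | subkey_fingerprints)
    [ -n "$value" ] || { echo "no usable subkeys on $keyid" >&2; return 1; }
    gpg --cert-notation "$NOTATION_NAME=$value" --sign-key "$keyid"
}

# Runs only when the script is given exactly one argument (the key to certify).
if [ "$#" -eq 1 ]; then
    certify_with_subkey_list "$1"
fi
```

Anyone checking the certification later can compare the key's current subkeys against the list stored in the notation; a subkey missing from the list was added after the signature was made.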
