-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw wrote: > On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: > >>David Shaw wrote: >> >>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote: >>> >>> >>>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: >>>> >>>> >>>>>Salve! >>>>>Can somebody explain me what is "back signatures"? >>>>>Manual not very clear about this. >>>> >>>>It's a countermeasure against an attack against signing subkeys. >>>>Basically, the primary key signs all subkeys. With backsigs, the >>>>signing subkey also signs the primary key. >>>> >>>>Without this, an attacker can "steal" a signing subkey from someone >>>>else and try and pretend that a signature came from his own key. It's >>>>not a particularly good attack: the attacker can't issue signatures to >>>>prove his ownership. >>> >>> >>>I should add that this is a new feature for 1.4.3. >>> >> >>Has 1.4.3 been officially released yet? > > > Not yet, no. >
How "unofficial" is it? - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ2xK3rMAAH8MeUlWAQgdbgf+N3WnnAPF/+AJgnssdjrhbb/JrCvlacU7 FBfVq/lTZt++rt28EgeT0sGIsVT+p9DyyoetY06wxsuJhGQn1a4RwFAKwlIsBDgS IppX+lOcf2zuN7W6x4Xzq+wFKKNHwkSrUYFQdK/0oI6vZx6E45m5o9+9USONu248 hOMP5tUvgnQ8DStN/czOkke+Fig5/Gm7Lb8IJ8CqAF+3JPxthPmLt4lQDEcm3M17 Bm8VF48pHo6fozLghSDxPB2mJtGawgp9BaBwAghZJysFXf/E+Jm2TE2xw9vXpvDw hfLQbl/OK+BuZlMocMkl6Ml9Bm6SEN1LsoiLkMHIJyN25B7JWJ75tA== =faWd -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
