David Shaw wrote:
It's a countermeasure against an attack against signing subkeys.
Basically, the primary key signs all subkeys. With backsigs, the
signing subkey also signs the primary key.
Without this, an attacker can "steal" a signing subkey from someone
else and try and pretend that a signature came from his own key. It's
not a particularly good attack: the attacker can't issue signatures to
prove his ownership.
I should add that this is a new feature for 1.4.3.
Can keys created before 1.4.3 be updated with that stuff?
Best wishes,
Chris.
begin:vcard
fn:Mitterer, Christoph Anton
n:Mitterer;Christoph Anton
org:Munich University of Applied Sciences;Department of Mathematics and Computer Science
adr;quoted-printable;quoted-printable:;;Lothstra=C3=9Fe 34;M=C3=BCnchen;Freistaat Bayern;80335;Federal Republic of Germany
email;internet:[EMAIL PROTECTED]
tel;home:+49 89 24409568
tel;cell:+49 172 8617341
x-mozilla-html:TRUE
url:http://fhm.edu/
version:2.1
end:vcard
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
