On Mon, Nov 07, 2005 at 11:55:02PM +1030, Alphax wrote: > >>>It's a countermeasure against an attack against signing subkeys. > >>>Basically, the primary key signs all subkeys. With backsigs, the > >>>signing subkey also signs the primary key. > >>> > >>>Without this, an attacker can "steal" a signing subkey from someone > >>>else and try and pretend that a signature came from his own key. It's > >>>not a particularly good attack: the attacker can't issue signatures to > >>>prove his ownership. > >>> > >> > >>Will this remove the possibility of moving subkeys from one primary key > >>to another / converting primary keys to subkeys (documented at > >>http://atom.smasher.org/gpg/gpg-migrate.txt)? > > > > > > No, it's unrelated to that. It's a countermeasure against a (somewhat > > weak) attack. It has nothing to do with various bit twiddling you can > > do to your own key. > > > > So how /do/ they work (and how does one go about moving subkeys between > keys)?
I'm afraid I don't understand what you're asking here. How backsigs work? David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
