On Mon, 2009-11-23 at 17:57 +0530, Rahul R wrote:
> then could you please explain why it is not giving me any error on server
> B that has a gpg version 1.4?
I'm not sure, but it's likely that the older version simply did not
check for this.

Using a key with UIDs that are not signed by that key is dangerous, as
anybody could have attached such a UID to the respective key.
I could for example take your public key, which has about the following
layout:
public key packet
UID packet
signature on the UID packet

...strip off the UID and signature packet and add my own (evil) UID. But
I cannot forge the signature on the UID, well not easily at least ;)


Cheers,
Chris.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
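
The packet layout described in the message above can be checked structurally. The following is an added example, not part of the original message and not GnuPG code: it walks the packets of a binary (non-armored) OpenPGP key and reports user IDs that are not followed by any certification signature packet. It does not verify the signature cryptographically or confirm that the key itself issued it; the sample bytes are constructed dummy data.

```python
TAG_SIG, TAG_UID = 2, 13                    # RFC 4880 packet tags
CERT_TYPES = {0x10, 0x11, 0x12, 0x13}       # certification signature types

def packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP key."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled here")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def uids_without_certification(data):
    """Return user IDs not followed by any certification signature packet."""
    bare, current, certified = [], None, False
    for tag, body in packets(data):
        if tag == TAG_SIG:
            # signature type octet: offset 2 in v3 signatures, offset 1 in v4
            stype = body[2] if body[0] == 3 else body[1]
            certified = certified or (current is not None and stype in CERT_TYPES)
            continue
        if current is not None and not certified:
            bare.append(current)
        current = body.decode("utf-8", "replace") if tag == TAG_UID else None
        certified = False
    if current is not None and not certified:
        bare.append(current)
    return bare

# Constructed sample data (dummy key and signature bodies, no real crypto).
KEY = b"\x98\x0b\x04" + b"\x00" * 10                    # public key packet
SELF_SIG = b"\x88\x0c\x04\x13\x01\x02" + b"\x00" * 8    # v4 signature, type 0x13
GOOD = KEY + b"\xb4\x05Alice" + SELF_SIG                # key, UID, signature
STRIPPED = KEY + b"\xb4\x07Mallory"                     # key, replaced UID, no signature
```

`uids_without_certification(STRIPPED)` returns the bare UID, while `GOOD` yields an empty list.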
