-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Tuesday 23 March 2010 at 2:27:10 PM, in <mid:208676d2-157a-4733-b4ac-62662fda0...@jabberwocky.com>, David Shaw wrote: >>> On Mar 22, 2010, at 8:48 AM, MFPA wrote: >> I was thinking about the "special case" >> of users who maintain a "personal master key" to >> collect and issue web of trust signatures and to sign >> the "production" keys they actually use for encryption >> and signing files or email. That set-up would be >> well-served by the production keys being unable to >> certify. > Issuing a web of trust signature or signing production > keys *are* certifications. Yes. That's why I said "the production keys being unable to certify," since such a user would perform these tasks with their "master" key. > If key couldn't certify, it > couldn't even make self-sigs on itself Even though I knew that a key or UID should be considered suspect if not self-signed, the penny hadn't dropped that the self-sig was a "certification" in the same way as a web of trust signature. > (so no user IDs, or subkeys either) What happens if somebody converts a subkey into a primary key? Can they then create UIDs and subkeys for it? - -- Best regards MFPA mailto:expires2...@ymail.com Versifiers write poems for it. -----BEGIN PGP SIGNATURE----- iQCVAwUBS6kD76ipC46tDG5pAQpUbQQAtoGwY6SJG7WzYc7XPp/4nrvw5janoIoC YVuW5HIfNXPROUGAp4S0WrfxQtQwADN93FbAEGIEpLkEn5sp3il/ByvHU4axydDz AOqG2EpWf0isHIMvfPXtxWRAtbGfZ80MsgV5e9/XwNjy6mWyU8yQqswscnb5W/dC 1NjOHaqY9jk= =664R -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
