On Thu, 21 Sep 2017 16:16:12 -0400, Robert J. Hansen wrote: > > If someone would issue a fake sig3 from Governikus to someone > > else how could you, for example, verify that the sig3 is from > > Governikus? > > By validating Governikus's certificate.
Do i understand you right, i validate Werner's pub key and when i get a signed email from Erika Mustermann the sig should be then o.k. from her, because i signed Werner's key? > You seem to be asking the same question (and getting the same answer) > over and over again. Perhaps try a different phrasing? Or is it that > the answer isn't clear? I'm sorry! Let me say one last word. If i would be a programmer of software like GnuPG, my software would not allow to receive unwanted signatures on my pub key, nor would it allow that someone else can fake a sig on someone else's pub key with my key-id. Good night and best regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
