Hmmm, ok. Yes, I am considering ways of letting a user "whitelist" signatures on their public key, and using the Signature Target subpacket[1] seemed like a way to do that.
However, if gpg doesn't support a way of adding that subpacket, then creating easy-to-copy-and-paste commands for users to use to approve signatures becomes difficult. What about using the Notation Data subpacket[2] to provide a pointer to a target signature that is "approved"? I noticed in the edit-key interface there is an option for setting notations[3]. Could a user use gpg's edit-key to create a signature on their key that has a notation specifying the whitelist of approved third party signature key-ids? [1]: https://tools.ietf.org/html/rfc4880#section-5.2.3.25 [2]: https://tools.ietf.org/html/rfc4880#section-5.2.3.16 [3]: https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#index-keyedit_003anotation Thanks for the reply, Daniel On Tue, Jul 9, 2019 at 5:20 AM Werner Koch <w...@gnupg.org> wrote: > > On Mon, 8 Jul 2019 18:45, gnupg-users@gnupg.org said: > > > Is there a way to create a "Third-Party Confirmation signature"[1] > > using the gnupg command line interface? > > No. You need to add code for this which also requires that you have a > way to specify another signature packet. > > Are you considering to use 0x50 self-signatures to approve key > signatures? > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
