On Mon, 22 Nov 1999, David Ellement wrote:

> > I have never got a PGP 5 sig to work with GPG. But then maybe it
> > has something to do with the fact that the keys are not self
> > signed.

> It is possible to import keys without self signatures using the gpg
> option --allow-non-selfsigned-uid.

Are you sure that this is a good idea?  It is brain dead to create
keys or user ids without a self signature, because it is possible to
add a new user id to a key without having the secret key.  As far as I
know, gnupg doesn't differentiate between the user ids when
calculating the trust (or did this change?), so a faked user id can
look trusted, which IMHO is a security hole.

This security hole is avoided when you forbid non self signed user
ids (which is the default in gnupg), so I wouldn't change this
behavior by the above mentioned option.

Ciao

        Roland

-- 
 * [EMAIL PROTECTED] * http://www.spinnaker.de/ *
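
The check discussed in this message, as an added example that is not part of the original e-mail or of GnuPG's code: it reads the machine-readable listing from `gpg --with-colons --check-sigs` and reports user IDs that carry no verified certification from their own primary key. The field positions follow GnuPG's colon format (doc/DETAILS); the key IDs, dates and names in `SAMPLE` are constructed.

```python
# Added example; SAMPLE is constructed, not real gpg output from any key.
SAMPLE = """\
pub:-:2048:1:AAAAAAAAAAAAAAAA:943228800:::-:::scESC:
uid:-::::943228800::::Alice <alice@example.org>:
sig:!::1:AAAAAAAAAAAAAAAA:943228800::::Alice <alice@example.org>:13x:
sig:!::1:BBBBBBBBBBBBBBBB:943228900::::Bob <bob@example.org>:10x:
uid:-::::943229000::::Alice <alice@example.net>:
sig:!::1:BBBBBBBBBBBBBBBB:943229100::::Bob <bob@example.org>:10x:
uid:-::::943229200::::Alice <alice@example.com>:
sig:-::1:AAAAAAAAAAAAAAAA:943229300::::Alice <alice@example.org>:13x:
sub:-:2048:1:CCCCCCCCCCCCCCCC:943228800::::::e:
sig:!::1:AAAAAAAAAAAAAAAA:943228800::::Alice <alice@example.org>:18x:
"""

def uids_without_valid_selfsig(colons):
    """Return {primary key ID: [user IDs lacking a verified self-signature]}."""
    report, key, uid = {}, None, None
    for line in colons.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "pub":
            key, uid = f[4], None
            report[key] = []
        elif rec == "uid" and key:
            uid = f[9]
            report[key].append(uid)
        elif rec in ("sub", "uat"):
            # Signatures after a subkey or attribute do not certify a user ID.
            uid = None
        elif rec == "sig" and uid in report.get(key, ()):
            # Field 2 "!" means gpg verified the signature; field 5 is the
            # signer's key ID; classes 0x10-0x13 are user ID certifications.
            verified = f[1] == "!"
            by_owner = f[4] == key
            certifies_uid = f[10][:2] in ("10", "11", "12", "13")
            if verified and by_owner and certifies_uid:
                report[key].remove(uid)
    return {k: v for k, v in report.items() if v}

if __name__ == "__main__":
    for key_id, uids in uids_without_valid_selfsig(SAMPLE).items():
        for name in uids:
            print(f"{key_id}: no valid self-signature on {name!r}")
```

A user ID certified only by a third party, or carrying a self-signature that fails verification, is reported; a binding signature on a subkey is not counted as covering the preceding user ID.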
