On 1999-11-23 11:20:31 +0100, Roland Rosenfeld wrote:
> Are you sure, that this is a good idea? It is brain dead to create
> keys or user ids without a self signature, because it is possible
> to add a new user id to a key without having the secret key. As
> far as I know, gnupg doesn't differentiate between the user ids
> when calculating the trust (or did this change?),
I hope this has been fixed, as this trust model would lead to
undesirable results when the key owner is an attacker who claims to
be someone else.
> so a faked user id can look trusted, which IMHO is a security hole.
Self-signatures help against this only when the attacker is
different from the key owner. However, certain attacks only make
sense when the key owner is identical to the attacker.
> This security hole is avoided, when you forbid non self signed user
> ids (which is the default in gnupg), so I wouldn't change this
> behavior by the above mentioned option.
A self signature proves that the key's owner claims to be someone
whose identity is indicated by the user id packet which is signed.
This may be desirable in certain contexts, but please don't trust
this claim when you don't trust the key's owner.
--
http://www.guug.de/~roessler/
