Re: self signed keys

2013-08-14 Thread Hauke Laging
Am Mi 14.08.2013, 09:55:41 schrieb Henry Hertz Hobbit: > There is no such requirement. Your own keys are trusted > automatically with ultimate trust when you create them. You > can stop reading now. This sounds like the usual mix-up of (certification) trust and validity. > You do not not need

Re: self signed keys

2013-08-14 Thread Werner Koch
On Wed, 14 Aug 2013 11:22, joh...@vulcan.xs4all.nl said: > GnuPG can be picky about trust issues but that's no requirement. It is not only about trust. The self-signature conveys more information, for example algorithm preferences. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahm

Re: self signed keys

2013-08-14 Thread Henry Hertz Hobbit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/14/2013 07:47 AM, Axel Braun wrote: > Hi, > > one (stupid?) question: > > Where is the requirement to sign your own key documented? I had a > look into RFC 4880 but could not spot the requirement there. > > Thanks for clarifying Axel Th

Re: self signed keys

2013-08-14 Thread Werner Koch
On Wed, 14 Aug 2013 11:09, axel.br...@gmx.de said: > So where is it specified that a key has to be self-signed? The self-signature binds the user id to the actual key. Thus it is necessary to have a self-signature. The OpenPGP standard does not specify any trust model but merely specifies metho

Re: self signed keys

2013-08-14 Thread Johan Wevers
On 14-08-2013 11:09, Axel Braun wrote: >> AFAIK it is not required, just common practice. > > Really? I recently had a key which I was unable to import due to missing self- > signature. Just with the option --allow-non-selfsigned-uid it was possible GnuPG can be picky about trust issues but that

Re: self signed keys

2013-08-14 Thread Axel Braun
Am Mittwoch, 14. August 2013, 10:05:18 schrieb Johan Wevers: > On 14-08-2013 9:47, Axel Braun wrote: > > Where is the requirement to sign your own key documented? > > AFAIK it is not required, just common practice. Really? I recently had a key which I was unable to import due to missing self- sig

Re: self signed keys

2013-08-14 Thread Johan Wevers
On 14-08-2013 9:47, Axel Braun wrote: > Where is the requirement to sign your own key documented? AFAIK it is not required, just common practice. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users m

self signed keys

2013-08-14 Thread Axel Braun
Hi, one (stupid?) question: Where is the requirement to sign your own key documented? I had a look into RFC 4880 but could not spot the requirement there. Thanks for clarifying Axel signature.asc Description: This is a digitally signed message part.