-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Jul 07, 2003 at 03:34:56PM -0700, Len Sassaman wrote:
On Mon, 16 Jun 2003, David Shaw wrote:
This raises a 2440bis question: given all the recent deprecation of
PGP 2.x stuff, is it worth requiring self-signatures on user IDs now?
If I recall, the only reason that user ID self-signatures are not
currently required was for 2.x compatibility. Certainly every modern
implementation (5.0+, any GnuPG) generates user ID self-signatures
automatically when a user ID is created.
I think this is a marvelous idea.
The only thing that really troubles me about the idea is that it
raises problems for the (legal, to my reading of 2440) encrypt-only v4
key. A true encrypt-only key would have a problem issuing the
self-signature. Of course, Hal's comments about encryption keys
issuing signatures apply here as well.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/EVwy4mZch0nhy8kRAqi7AJ9/6CK8tnKlVi0hf83ZJD/cTFqaSACeNr1J
lHTbEJAkp49+QSqZ9WpW6Xg=
=KoEp
-----END PGP SIGNATURE-----