Re: Valid OpenPGP keys without self-signature?

ietf-openpgp

2003-12-22 04:36:06


* aboietf(_at_)redtenbacher(_dot_)de wrote:

(1) Are such keys a security problem?


In general: Yes. In this particular case: No.

(2) Is such a key conforming to the OpenPGP spec (or at least
    interoperable with a conforming OpenPGP product)?


There are 2.6.x versions of PGP generating keys without a self signature.
So they are introduced and common, despite considered obsolet.

(3) Which OpenPGP products support such unusual public keys?


There is a strong movement to require the self signature. This is currently
work in progress on the whole key space.

<Prev in Thread]	Current Thread	[Next in Thread>
Valid OpenPGP keys without self-signature?, aboietf Re: Valid OpenPGP keys without self-signature?, Lutz Donnerhacke <= Re: Valid OpenPGP keys without self-signature?, Ian Grigg Re: Valid OpenPGP keys without self-signature?, Konrad Rosenbaum Re: Valid OpenPGP keys without self-signature?, vedaal Re: Valid OpenPGP keys without self-signature?, aboietf Re: Valid OpenPGP keys without self-signature?, Jon Callas

Previous by Date:	Valid OpenPGP keys without self-signature?, aboietf
Next by Date:	Re: Valid OpenPGP keys without self-signature?, vedaal
Previous by Thread:	Valid OpenPGP keys without self-signature?, aboietf
Next by Thread:	Re: Valid OpenPGP keys without self-signature?, Ian Grigg
Indexes:	[Date] [Thread] [Top] [All Lists]