[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PoP & Signer's User ID subpacket?

To: Michael Young <mwy-opgp97@xxxxxxxxxxxxxx>
Subject: Re: PoP & Signer's User ID subpacket?
From: Len Sassaman <rabbi@xxxxxxxxxxx>
Date: Thu, 17 Jul 2003 15:14:41 -0700 (PDT)
Cc: <ietf-openpgp@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

On Sun, 13 Jul 2003, Michael Young wrote:

> "David Shaw" <dshaw@xxxxxxxxxxxxxxx> writes:
> > The only thing that really troubles me about the idea is that it
> > raises problems for the (legal, to my reading of 2440) encrypt-only v4
> > key.
>
> This doesn't trouble me... I strongly believe that we should
> remove the loophole that allows encrypt-only top-level v4 keys,
> for exactly this reason.  (I was astounded when David pointed out
> the seemingly permissive language in another forum.)

Agreed.

> Why is it important to be able to generate such a thing?  Is it such a
> burden to have to generate a signing key?
>
> [If you don't care about uid validity, which you mustn't if you're
> using an encrypt-only top-level key now, then you could even attach a
> bogus top-level key, which would take virtually no time to generate.]

References:
- Re: PoP & Signer's User ID subpacket?
  - From: Michael Young

Prev by Date: Re: Adding in BZ2 compression?
Next by Date: Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
Previous by thread: Re: PoP & Signer's User ID subpacket?
Next by thread: Re: PoP & Signer's User ID subpacket?
Index(es):
- Date
- Thread