[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Requiring self-signed uids? (was Re: PoP & Signer's User ID subpacket?)
On Fri, 18 Jul 2003 10:10:37 -0700 David Shaw <dshaw@xxxxxxxxxxxxxxx>
>I do wonder what this case would mean in regards to the discussion
>1) Generate a RSA sign+encrypt key. Naturally the user ID on that
> should have a self-signature.
>2) Now change the key flags so that the primary is encrypt-only.
>Is that an "encrypt-only" key?
in the olden days of pgp 2.x, some people would make two keypairs, and
would use one only for signing and one only for encrypting,
so, if someone now were to generate a v4 rsa key and flag it as encrypt
it might be (?mis)taken in exactly the v3 context,
that the user intended it as an encrypt-only key,
and, for whatever reason, might prefer to do it this way and not deal
the only problem would be if it could be flagged this way *un-intentionally*,
which doesn't seem to be the case
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
Promote security and make money with the Hushmail Affiliate Program: