[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Valid OpenPGP keys without self-signature?

To: ietf-openpgp@xxxxxxx
Subject: Re: Valid OpenPGP keys without self-signature?
From: Lutz Donnerhacke <lutz@xxxxxxxxxxx>
Date: Mon, 22 Dec 2003 11:35:59 +0000 (UTC)
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Newsgroups: iks.lists.ietf-open-pgp
Organization: IKS GmbH Jena
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: slrn/0.9.7.4 (Linux)

* aboietf@xxxxxxxxxxxxxxx wrote:
> (1) Are such keys a security problem?

In general: Yes. In this particular case: No.

> (2) Is such a key conforming to the OpenPGP spec (or at least
>     interoperable with a conforming OpenPGP product)?

There are 2.6.x versions of PGP generating keys without a self signature.
So they are introduced and common, despite considered obsolet.

> (3) Which OpenPGP products support such unusual public keys?

There is a strong movement to require the self signature. This is currently
work in progress on the whole key space.

References:
- Valid OpenPGP keys without self-signature?
  - From: aboietf

Prev by Date: Valid OpenPGP keys without self-signature?
Next by Date: Re: Valid OpenPGP keys without self-signature?
Previous by thread: Valid OpenPGP keys without self-signature?
Next by thread: Re: Valid OpenPGP keys without self-signature?
Index(es):
- Date
- Thread