cross-certification

David Shaw dshaw at jabberwocky.com
Wed Sep 13 17:20:53 CEST 2006


On Wed, Sep 13, 2006 at 10:55:48AM +0200, Werner Koch wrote:
> On Sun, 27 Aug 2006 12:07, Dirk Traulsen said:
> 
> >  @item --require-cross-certification
> > - at itemx --no-require-certification
> > + at itemx --no-require-cross-certification
> 
> Fixed.  Also made --require-cross-certification the defualt for gpg2.

I think this is not a good idea - at least, not yet.  At the moment,
there are very few keys that have cross certification, and GPG is the
only program that generates keys with it.  If
--require-cross-certification is set by default, it will pretty much
break signing subkeys for most people.

We should give it more time with just the warning being printed before
this default is changed.

> > 2. 
> > When one issues the help command In the edit-key menu, there comes a list of commands. "cross-certify" is missing. I had a look at keyedit.c and the 
> > non-listed commands are the short cuts and the aliases. So it doesn't seem to be a deliberate ommision. Here is a proposal for a text. (The only 
> 
> There are not that many signing subkeys out in the wild and the
> "backsign" command is a helper to fix existing keys.  For new subkeys
> it is not required.  The error message issued for a missing backsig
> points to a web page explaining how to rectify this.  Thus there is no
> advertise this command.
> 
> > other missing commands are delphoto and revphoto. Are they intentionally ommitted?)
> 
> Not sure.  David?

Yes, it was intentional.  The reason is that delphoto is just another
name for deluid and revphoto is just another name for revuid.  Photos
are just user IDs, and the XXXphoto commands are there in case people
misunderstand that.

The help command in --edit-key is like the --help command line option.
It can't list everything or it will be useless.  It should only list
common options.

David



More information about the Gnupg-devel mailing list