potential IETF WG incompatibility with GnuPG 2.3
Neal H. Walfield
neal at walfield.org
Tue Dec 13 10:07:07 CET 2022
On Tue, 13 Dec 2022 09:35:22 +0100,
Bernhard Reiter wrote:
> (Same as you did when you have decided to made keys.openpgp.org incompatible
> to the existing OpenPGP standard, by not adding the necessary signature, see
> https://dev.gnupg.org/T4393 and blame it as defect on your page
> https://keys.openpgp.org/about/faq)
I think you are misreading the standard here. My reading of 4880 is
the grammar for certificates explicitly says that self signatures on
User ID packets are optional:
- One or more User ID packets
- After each User ID packet, zero or more Signature packets
(certifications)
...
Immediately following each User ID packet, there are zero or more
Signature packets.
https://www.rfc-editor.org/rfc/rfc4880#section-11.1
So, I think gpg's behavior diverges from the standard here.
Can you point me to the text in 4880 that supports your view that User
IDs must have self signatures?
Thanks,
Neal
More information about the Gnupg-devel
mailing list