Several questions as feedback on gnupg

Lionel Elie Mamane lionel@mamane.lu
Wed Jan 23 20:16:01 2002


--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jan 23, 2002 at 04:45:10PM +0100, Loic Bernable wrote:

> - I've been told the different running keyservers do not support the
>   deletion of an uid.

Yup. Only addition of things (signatures, UID's, subkeys, keys...) is
supported.

> - I've read somewhere that some french people asked Werner to contact
>   french administration (SCSSI) to legalize the use of GnuPG in France.

The copyright belongs to the FSF, so the FSF "should" do it. But this
declaration is only valid for one particular exact version, and free
software evolves so fast, ...

> - I realized during a demonstration that no authentication is needed
>   when modifying the trust values, and in particular assigning a higher
>   trust value. Can't it be a problem ?

If anyone has access to your user account on your computer, you are in
big trouble anyhow. If I can edit files in your homedirectory (and
changing trusts needs that), there are much more subtle ways to screw
you.

> - A friend of mine pointed out the problem that may occur with persons
>   who have a common name and surname.

That's why you should check the e-mail part of the UID too, before you
sign the UID.

--=20
Lionel
--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8TwvzscRzFz57S3MRAq19AKDLYEfPpFho0beNWzDN8y6BtcTwNACgl2qT
AaaC7aqRPOSU3ulnUZJ0jI4=
=P1/+
-----END PGP SIGNATURE-----

--3MwIy2ne0vdjdPXF--