Privacy Implications Of Signing Keys

Alphax alphasigmax at gmail.com
Sat Jun 18 06:52:29 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Psy-Kosh wrote:
> 
> 
> Not to mention that anyone can sign keys, independant of the will of the
> key's owner. (I think a protocol to actually remove unwanted sigs from a
> key may be useful. (ie, a way to have the removal propagated by the
> keyservers)) For instance, a friend of mine apperently signed my key
> with a couple nonsense keys he generated just to emphasize the point.
> 
> Psy-Kosh

Yes, signatures on a key should probably be revokable by the keys owner.
But it would take a newer version of the OpenPGP standard for this to
happen. Anyway, a signature on a key means nothing whatsoever unless you
happen to trust the key that issued the signature, so unless you
countersigned the key that signed yours, there is a high degree of
deniability.

- --
Alphax
OpenPGP key: 0xF874C613 - http://tinyurl.com/cc9up
http://en.wikipedia.org/wiki/User:Alphax
There are two kinds of people: those who say to God, 'Thy will be done,'
and those to whom God says, 'All right, then, have it your way.' - C. S.
Lewis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCs6iN/RxM5Ph0xhMRAsvBAJ9Wxk3M98yP3gIHB5a6RnLZPi5K/wCfU/1c
Rzr4P90t4u0sIhRTr314a+Q=
=lFxc
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list