back signatures

David Shaw dshaw at jabberwocky.com
Sat Nov 5 14:30:10 CET 2005


On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote:
> David Shaw wrote:
> > On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote:
> > 
> >>David Shaw wrote:
> >>
> >>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote:
> >>>
> >>>
> >>>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> >>>>
> >>>>
> >>>>>Salve!
> >>>>>Can somebody explain to me what "back signatures" are?
> >>>>>The manual is not very clear about this.
> >>>>
> >>>>It's a countermeasure against an attack against signing subkeys.
> >>>>Basically, the primary key signs all subkeys.  With backsigs, the
> >>>>signing subkey also signs the primary key.
> >>>>
> >>>>Without this, an attacker can "steal" a signing subkey from someone
> >>>>else and try and pretend that a signature came from his own key.  It's
> >>>>not a particularly good attack: the attacker can't issue signatures to
> >>>>prove his ownership.
> >>>
> >>>
> >>>I should add that this is a new feature for 1.4.3.
> >>>
> >>
> >>Has 1.4.3 been officially released yet?
> > 
> > 
> > Not yet, no.
> > 
> 
> How "unofficial" is it?

It's as official as any release that hasn't happened yet: that is to
say, we're happy and thrilled if you test it out and report bugs (to
gnupg-devel), but you'll have to compile it from the SVN repository,
and it's not considered stable code.

David
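
The subkey "stealing" problem and the backsig check from the quoted explanation above, as an added example that is not part of the original thread and is not GnuPG code. It assumes toy textbook RSA built from fixed primes so it runs with the standard library only; the `binding()` encoding and all function names are hypothetical and do not follow the OpenPGP packet format.

```python
import hashlib

# Toy textbook RSA from fixed Mersenne primes: stdlib-only and NOT secure.
def make_key(p, q, e=65537):
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return sig is not None and pow(sig, e, n) == _digest(msg, n)

def binding(primary_pub, sub_pub):
    # Hypothetical encoding of "this subkey belongs to this primary key".
    return repr((primary_pub, sub_pub)).encode()

def accept(primary_pub, sub_pub, bind_sig, back_sig, doc, doc_sig, require_backsig):
    """Would a verifier attribute doc_sig to the owner of primary_pub?"""
    b = binding(primary_pub, sub_pub)
    if not verify(primary_pub, b, bind_sig):       # primary key signs the subkey
        return False
    if require_backsig and not verify(sub_pub, b, back_sig):  # subkey signs back
        return False
    return verify(sub_pub, doc, doc_sig)

alice = make_key(2**89 - 1, 2**107 - 1)      # legitimate primary key
sub = make_key(2**127 - 1, 2**521 - 1)       # Alice's signing subkey
mallory = make_key(2**607 - 1, 2**61 - 1)    # second party's primary key
doc = b"constructed sample document"
doc_sig = sign(sub["priv"], doc)
alice_bind = sign(alice["priv"], binding(alice["pub"], sub["pub"]))
alice_back = sign(sub["priv"], binding(alice["pub"], sub["pub"]))
# Binding the public subkey under another primary key needs only that primary key.
mallory_bind = sign(mallory["priv"], binding(mallory["pub"], sub["pub"]))

def results():
    a, m, s = alice["pub"], mallory["pub"], sub["pub"]
    return {
        "alice, backsig required": accept(a, s, alice_bind, alice_back, doc, doc_sig, True),
        "mallory, no backsig check": accept(m, s, mallory_bind, None, doc, doc_sig, False),
        "mallory, backsig required": accept(m, s, mallory_bind, alice_back, doc, doc_sig, True),
    }
```

Only the holder of the subkey's private half can produce a back signature over a given primary key, so a verifier that requires one rejects the second binding even when Alice's own backsig is replayed.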


