Houston, we have a problem
Stefan Claas
stefan.claas at posteo.de
Thu Sep 21 22:37:38 CEST 2017
On Thu, 21 Sep 2017 16:16:12 -0400, Robert J. Hansen wrote:
> > If someone would issue a fake sig3 from Governikus to someone
> > else how could you, for example, verify that the sig3 is from
> > Governikus?
>
> By validating Governikus's certificate.
Do i understand you right, i validate Werner's pub key and when
i get a signed email from Erika Mustermann the sig should be then
o.k. from her, because i signed Werner's key?
> You seem to be asking the same question (and getting the same answer)
> over and over again. Perhaps try a different phrasing? Or is it that
> the answer isn't clear?
I'm sorry! Let me say one last word. If i would be a programmer of
software like GnuPG, my software would not allow to receive unwanted
signatures on my pub key, nor would it allow that someone else can
fake a sig on someone else's pub key with my key-id.
Good night and best regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
More information about the Gnupg-users
mailing list