Re: Migrating to GPG - A mini-HOWTO

On Tue, Sep 14, 1999 at 11:21:02AM +0200, Florian Lohoff wrote:
> Just a small thought - If there is a web of trust on pgp - You
> should be able to transfer it to "gpg".
> Just send the gpg key in a mail signed with pgp. You are
> able to verify the consistency of the mail and it is in the
> hands of the sender (aka Owner of the 2 Keys) to ensure
> the content of the mail is valid (As He/She does when printing
> fingerprints) ...

Not really. What if the pgp key is compromised? The original owner can
release a revocation certificate for the pgp key, but if someone creates
a new gpg key that you sign based on the (compromised) pgp key then
you've possibly validated a key that the original owner cannot revoke.
That would be bad.

Mike Stone

