On Tue, Sep 14, 1999 at 11:21:02AM +0200, Florian Lohoff wrote: > Just a small thought - If there is a web of trust on pgp - You > should be able to transfer it to "gpg". > > Just send the gpg key in a mail signed with pgp. You are > able to verify the consistency of the mail and is to the > hand of the sender (aka Owner of the 2 Keys) to enshure > the content of the mail is valid (As He/She does when printing > fingerprints) ... Not really. What if the pgp key is compromised? The original owner can release a revocation certificate for the pgp key, but if someone creates a new gpg key that you sign based on the (compromised) pgp key then you've possibly validated a key that the original owner cannot revoke. That would be bad. Mike Stone
Attachment:
pgp5OByBdQSHG.pgp
Description: PGP signature