[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Migrating to GPG - A mini-HOWTO

Michael Stone wrote:
> >    On Tue, Sep 14, 1999 at 03:38:34PM +0200, Marco d'Itri wrote:
> >    > I signed my DSS key with the old RSA key and then asked people who
> >    > signed the old key to sign the new one with their DSS key.
> >    > This is easy and secure.
> > 
> >    Again, no it isn't. How do they know that someone didn't steal your pgp
> >    key?
> > 
> > How is this different from the question ``How does dinstall (or other
> > person/program) know someone hasn't stolen [developer]'s PGP key?''
> Because I can issue a key revocation if a key that I own is compromised.

Why can you issue this revocation to the keyring for dinstall but not
for the people who have signed your key?



Let's call it an accidental feature.  --Larry Wall

Please always Cc to me when replying to me on the lists.

Reply to: