[linux-elitists] [patrick@pine.nl: PGPsdk Key Validity Vulnerability]

M. Drew Streib dtype@dtype.org
Tue Sep 4 18:48:41 PDT 2001


On Tue, Sep 04, 2001 at 01:12:40PM -0700, Karsten M. Self wrote:
> One to watch for, my key-signing friends.

I don't think this affects GPG, but is there any explicit statement
of such?

My keyanalyze report simply takes all the signatures on all uids of
a key, as that is easiest. It uses the primary uid as the displayed
one, so this 'trick' would 'fool' my report, for what it is worth, which
I hope is not much.

-drew

-- 
M. Drew Streib <dtype@dtype.org> | http://dtype.org/
FSG <dtype@freestandards.org>    | Linux International <dtype@li.org>
freedb <dtype@freedb.org>        | SourceForge <dtype@sourceforge.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010905/076778b6/attachment.pgp 


More information about the linux-elitists mailing list