I don't use GPG all that much, but am a little concerned with the recent
SHA1 collision news.
From what I've read on this list, it doesn't seem to be too much of an
issue.
I wonder if someone could clarify some things for me, please:
1) Is this just an issue with signatures, or does it impact
On Mon May 18 19:58:08 2009, David Shaw ds...@jabberwocky.com wrote:
Signing with a subkey has a slightly different meaning than signing with
a primary key. When you sign a key, you're actually signing a
combination of the primary key and user ID that you chose to sign. If
you signed with a
On May 19, 2009, at 1:46 PM, James P. Howard, II wrote:
And on a divergent note, using the black
magic described elsewhere[1], is it bad to convert a subkey into a
primary key and use it to sign others?
To do this, you have to have the key in primary key form in the
(local)
web of trust.
