On Dec 29, 2011, at 10:19 AM, Robert J. Hansen wrote: > On 12/29/11 10:08 AM, Stayvoid wrote: >> A key is already signed after creation, right? > > Per spec, it must be. GnuPG enforces this. However, it's possible to > find some (likely deliberately mangled) certificates that are missing > self-signatures.
The OpenPGP spec actually doesn't require it, for compatibility with the original spec which also didn't require it. The implementations do tend to require it (which makes sense, as it is important for many reasons). These days, if you see a non-self-signed key, something is wrong. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users