Hello Werner and all,

after seeing Facebook's public key a couple of days ago,
I was wondering if it's possible to enhance GnuPG in a
future version, so that it no longer allows someone to
sign a public key without approval of the owner.

As an example: Bob likes to sign Alice's pub key and
issues the sign key command, but instead of signing
the key directly GnuPG would create a "Signature
Request Certificate" which Alice reads and verifies
in GnuPG, thus allowing her to add Bob's signature
to her key. This mechanism, or a similar one, would
protect Alice's key from unwanted signatures.

Best regards
Stefan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
