> If someone would issue a fake sig3 from Governikus to someone > else how could you, for example, verify that the sig3 is from > Governikus?
By validating Governikus's certificate. You seem to be asking the same question (and getting the same answer) over and over again. Perhaps try a different phrasing? Or is it that the answer isn't clear? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
