On 8/16/2015 at 12:34 PM, "Stefan Claas" <ad...@zwiebelfreund.de> wrote:

>Should GnuPG now be enhanced, or the Key Servers be updated,
>similar to the pgp.com one, in order to not allow such things in
>the future?

=====

It would be very helpful if such a protection against unwanted key signatures could be instituted.

Here is a possible suggestion on how it might be done:

[1] Have GnuPG require a 'cross-certification' of signatures, similar to the cross-certification of subkeys.

[2] Have GnuPG give a message upon importing a public key, that
"Signatures from keyid's [...], [....], and [...] have not been cross-certified by their owner, Clean these signatures, y / n ? "

(Alternatively, the default could be: "These signatures will be removed. If you want to keep them, enter 'keep-sig' ", and then each new sig would be displayed, and if the importer wants the sig, the importer would need to enter 'keep-sig' for each sig individually.)

This would require the owners of the keys to do periodic checking of their keys and cross-certify the signatures they want.

It would also be a bit of work for the owners to cross-certify all the 'good' signatures they were happy to get.

Just a suggestion.

The implementers can best decide how much extra work this would require, and if there is a simpler better way to accomplish the desired result.

vedaal