Hi,

On Tuesday 03 November 2015 16:34:39 you wrote:
> At Tue, 03 Nov 2015 16:10:24 +0100,
> 
> Andre Heinecke wrote:
> > Don't we need to lookup the new key anyway to make validity decisions?
> > Until then we assume "Unknown" trust.
> 
> In the verify case, yes.  But what about the sign case?  We just see
> that the old key has been revoked, but we don't know what the new key
> is.

I assume you mean the encrypt case (I don't see how this affects sign)? But 
still I don't see a problem there. If you don't have a valid key to encrypt 
to. You need to get a different key. How is the trust model involved in that?

Once you have that new key you can do the UID / Signature checks I suggested.


Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to