Validating Sign Only Gpg Keys
Registered by
James Henstridge
on 2005-10-13
The current system for claiming GPG keys relies on the ability to encrypt an email to the user with that key, as a way to prove that they have the secret key and can use it to decrypt the message.
This process fails if the key can't be used for encryption (i.e. can only be used for signing). A separate verification procedure would be needed to handle such keys.
Blueprint information
- Status:
- Complete
- Approver:
- Christian Reis
- Priority:
- Medium
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- James Henstridge
- Definition:
- Approved
- Series goal:
- None
- Implementation:
-
Implemented
- Milestone target:
- None
- Started by
- James Henstridge on 2006-08-16
- Completed by
- James Henstridge on 2006-08-16
Related branches
Whiteboard
(?)