Post by Non scrivetemi
I suggested the key should have been self signed. If the entire key
including UID's was self signed then nobody could alter any part of
the key including UID's. This is how X.509 certs work.
I understand you can't delete UID's the way things are designed now.
I am just saying it didn't have to be that way, somebody didn't think
this through.
Yes they did. Imagine the following scenario.
1) I have a key (0xDEADBEEF) with my one email address,
***@jameshoward.us on it, sign the entire key, and submit it to a keyserver.
2) You download it.
3) I have a key (0xDEADBEEF) with my one email address,
***@gmail.com on it, sign the entire key, and submit it to a keyserver.
4) Under your scenario, if DEADBEEF/howardjp were submitted after
DEADBEEF/jh, jh is deleted.
5) You upload DEADBEEF/jh.
6) The keyserver dutifully deletes DEADBEEF/howardjp, and restores
DEADBEEF/jh. That is not what I wanted and there is no way to stop it.
James
--
James P. Howard, II, MPA MBCS CGFM
***@jameshoward.us
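The six-step scenario above, modelled as an added example (not part of the original post or of any keyserver's code). It assumes a toy whole-key signature built with HMAC as a stand-in for the owner's private-key signature; the class names and the short UID labels "jh" and "howardjp" are hypothetical.

```python
import hashlib
import hmac

OWNER_SECRET = b"constructed-demo-secret"  # constructed stand-in for the owner's private key

def self_sign(key_id, uids):
    """Owner signs the whole key: key id plus the complete UID list."""
    body = (key_id + "|" + ",".join(sorted(uids))).encode()
    sig = hmac.new(OWNER_SECRET, body, hashlib.sha256).hexdigest()
    return {"key_id": key_id, "uids": frozenset(uids), "sig": sig}

def verify(key):
    """A stale copy verifies exactly as well as a fresh one: no freshness is signed."""
    expected = self_sign(key["key_id"], key["uids"])["sig"]
    return hmac.compare_digest(expected, key["sig"])

class ReplaceServer:
    """Proposed model: every validly signed upload replaces the stored key wholesale."""
    def __init__(self):
        self.store = {}

    def upload(self, key):
        if verify(key):
            self.store[key["key_id"]] = key["uids"]

    def uids(self, key_id):
        return set(self.store.get(key_id, ()))

class MergeServer(ReplaceServer):
    """Append-only model: uploads are merged and nothing is ever deleted.
    (Real OpenPGP self-signatures bind each UID separately, which permits merging.)"""
    def upload(self, key):
        if verify(key):
            current = self.store.get(key["key_id"], frozenset())
            self.store[key["key_id"]] = current | key["uids"]

def run_scenario(server):
    old = self_sign("DEADBEEF", ["jh"])                  # step 1: owner uploads
    server.upload(old)
    downloaded = dict(old)                               # step 2: a third party downloads
    server.upload(self_sign("DEADBEEF", ["howardjp"]))   # step 3: owner uploads new key
    server.upload(downloaded)                            # step 5: stale copy re-uploaded
    return server.uids("DEADBEEF")                       # step 6: what the server now holds

if __name__ == "__main__":
    print("replace:", run_scenario(ReplaceServer()))
    print("merge:  ", run_scenario(MergeServer()))
```

Under the replace model the owner's newer UID is gone after step 5, because the old copy still carries a valid self-signature; under the merge model both UIDs survive.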