mirror of git://git.gnupg.org/gnupg.git synced 2025-02-21 19:48:05 +01:00

* gpg.sgml: Rename backsigs to cross-certification (backsigs is just shorthand).  Document max-cert-size.
David Shaw 2006-03-07 22:44:23 +00:00
parent ee3379a77d
commit b62ca46f62
2 changed files with 28 additions and 17 deletions


@ -1,5 +1,8 @@
2006-03-07 David Shaw <dshaw@jabberwocky.com> 2006-03-07 David Shaw <dshaw@jabberwocky.com>
* gpg.sgml: Rename backsigs to cross-certification (backsigs is
just shorthand). Document max-cert-size.
* gpg.sgml: Document new way of enabling the PKA functions. Some * gpg.sgml: Document new way of enabling the PKA functions. Some
minor other cleanups. minor other cleanups.


@ -528,7 +528,7 @@ used by GnuPG.
<listitem><para> <listitem><para>
Set a preferred keyserver for the specified user ID(s). This allows Set a preferred keyserver for the specified user ID(s). This allows
other users to know where you prefer they get your key from. See other users to know where you prefer they get your key from. See
--keyserver-option honor-keyserver-url for more on how this works. --keyserver-options honor-keyserver-url for more on how this works.
Note that some versions of PGP interpret the presence of a keyserver Note that some versions of PGP interpret the presence of a keyserver
URL as an instruction to enable PGP/MIME mail encoding. Setting a URL as an instruction to enable PGP/MIME mail encoding. Setting a
value of "none" removes a existing preferred keyserver. value of "none" removes a existing preferred keyserver.
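
Review bot: the unchanged last line of this paragraph still reads "removes a existing preferred keyserver"; since the paragraph is already being edited for the --keyserver-options spelling, change it to "an existing" in the same pass.
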
@ -557,11 +557,12 @@ each user ID except for the most recent self-signature.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>backsign</term> <term>cross-certify</term>
<listitem><para> <listitem><para>
Add back signatures to signing subkeys that may not currently have Add cross-certification signatures to signing subkeys that may not
back signatures. Back signatures protect against a subtle attack currently have them. Cross-certification signatures protect against a
against signing subkeys. See --require-backsigs. subtle attack against signing subkeys. See
--require-cross-certification.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
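
Review bot: the renamed <term>cross-certify</term> entry no longer mentions the old name anywhere, although the commit message describes backsigs as shorthand. Add a sentence to the paragraph saying whether "backsign" is still accepted, so that readers following older instructions can find this entry and its pointer to --require-cross-certification.
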
@ -718,7 +719,7 @@ keyring. The fast version is currently just a synonym.
</para> </para>
<para> <para>
There are a few other options which control how this command works. There are a few other options which control how this command works.
Most notable here is the --keyserver-option merge-only option which Most notable here is the --keyserver-options merge-only option which
does not insert new keys but does only the merging of new signatures, does not insert new keys but does only the merging of new signatures,
user-IDs and subkeys. user-IDs and subkeys.
</para></listitem></varlistentry> </para></listitem></varlistentry>
@ -739,7 +740,7 @@ local keyring. This is useful for updating a key with the latest
signatures, user IDs, etc. Calling this with no arguments will signatures, user IDs, etc. Calling this with no arguments will
refresh the entire keyring. Option --keyserver must be used to give refresh the entire keyring. Option --keyserver must be used to give
the name of the keyserver for all keys that do not have preferred the name of the keyserver for all keys that do not have preferred
keyservers set (see --keyserver-option honor-keyserver-url). keyservers set (see --keyserver-options honor-keyserver-url).
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
@ -1399,7 +1400,7 @@ be repeated multiple times to increase the verbosity level.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>timeout</term> <term>timeout&OptEqualsValue;</term>
<listitem><para> <listitem><para>
Tell the keyserver helper program how long (in seconds) to try and Tell the keyserver helper program how long (in seconds) to try and
perform a keyserver action before giving up. Note that performing perform a keyserver action before giving up. Note that performing
@ -1415,8 +1416,15 @@ timeout applies separately to each key retrieval, and not to the
For HTTP-like keyserver schemes that (such as HKP and HTTP itself), For HTTP-like keyserver schemes that (such as HKP and HTTP itself),
try to access the keyserver over a proxy. If a &ParmValue; is try to access the keyserver over a proxy. If a &ParmValue; is
specified, use this as the HTTP proxy. If no &ParmValue; is specified, use this as the HTTP proxy. If no &ParmValue; is
specified, try to use the value of the environment variable specified, the value of the environment variable "http_proxy", if any,
"http_proxy". will be used.
</para></listitem></varlistentry>
<varlistentry>
<term>max-cert-size&OptEqualsValue;</term>
<listitem><para>
When retrieving a key via DNS CERT, only accept keys up to this size.
Defaults to 16384 bytes.
</para></listitem></varlistentry> </para></listitem></varlistentry>
</variablelist> </variablelist>
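
Review bot: the new max-cert-size entry does not say what happens when a key retrieved via DNS CERT exceeds the limit, and the unit of the value is only implied by the default of 16384 bytes. State explicitly that the value is given in bytes and whether an oversized key is rejected with an error or silently skipped. The unchanged first line of the proxy paragraph also carries a stray "that" ("schemes that (such as HKP and HTTP itself)"), which could be dropped while this text is being reworded.
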
@ -2789,14 +2797,14 @@ handing out the secret key.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--require-backsigs</term> <term>--require-cross-certification</term>
<term>--no-require-backsigs</term> <term>--no-require-certification</term>
<listitem><para> <listitem><para>
When verifying a signature made from a subkey, ensure that the "back When verifying a signature made from a subkey, ensure that the cross
signature" on the subkey is present and valid. This protects against certification "back signature" on the subkey is present and valid.
a subtle attack against subkeys that can sign. Currently defaults to This protects against a subtle attack against subkeys that can sign.
--no-require-backsigs, but will be changed to --require-backsigs in Currently defaults to --no-require-cross-certification, but will be
the future. changed to --require-cross-certification in the future.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
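
Review bot: the second new <term> reads --no-require-certification, which drops "cross-" and does not match the --no-require-cross-certification that the paragraph below names as the current default. The two must agree; the term presumably should be --no-require-cross-certification. The new body text also writes "cross certification" without the hyphen, while the option names and the rest of the patch use "cross-certification".
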