
tsign behavior does not achieve what dkg says it should
Closed, Duplicate | Public

Description

According to dkg, the tsign domain parameter means

"limit this trust signature to only cover certifications of User IDs with e-mail
addresses that have the given domain after the @ sign"

However, when used, this does not achieve the desired effect.

Details

Version
1.4.20

Event Timeline

clint set Version to 1.4.20.
clint added a subscriber: clint.

Hi Clint,

Out of curiosity, have you tried this on 2.1?

I realize this is probably very easy to reproduce, but could you nevertheless
list the commands that you used to show the bug?

Thanks!

I have not tried this on 2.1.

To reproduce

    % gpg --recv-keys 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 74D1153FB159BB3D1BAC641CAC504BE650012B98
    % gpg --edit-key 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
    tsign with 2 (I trust fully), depth 1, domain "aclu.org"
    Check validity of 74D1153FB159BB3D1BAC641CAC504BE650012B98

If you make the trust signature without a domain specified,
74D1153FB159BB3D1BAC641CAC504BE650012B98 will appear as "full". With the domain
specified, it appears as "unknown".

Note that T2923 includes a patch that might help.

I confirmed this is the same bug as in T2923: trust signature domain restrictions don't work. I am closing this one as a duplicate.

If you type "ACLU.ORG" (upper letters), it works.
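
The scoping rule quoted in the description, written out as a check over User IDs. This is an added example, not GnuPG's code or the patch from T2923; the function names, the sample User IDs, and the choice of exact (no subdomain), case-insensitive matching on an angle-bracketed address are assumptions of the example.

```python
import re

# Address inside the final <...> of the User ID. "Name (Comment) <addr>" is
# only a convention, so anything that does not end this way is treated as
# having no e-mail address (assumption: bare addresses are out of scope).
_ADDR = re.compile(r"<([^<>]+)>\s*$")


def uid_domain(user_id):
    """Return the lower-cased domain of the User ID's address, or None."""
    m = _ADDR.search(user_id)
    if not m:
        return None
    addr = m.group(1)
    # Be strict: exactly one "@", non-empty parts, no whitespace.
    if addr.count("@") != 1 or any(c.isspace() for c in addr):
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return domain.lower()


def in_scope(user_id, tsign_domain):
    """True if the address has exactly tsign_domain after the @ sign."""
    wanted = tsign_domain.strip().lower().rstrip(".")
    return uid_domain(user_id) == wanted


def covered_uids(user_ids, tsign_domain):
    """User IDs whose certifications the scoped trust signature would cover."""
    return [u for u in user_ids if in_scope(u, tsign_domain)]


# Constructed sample User IDs (not taken from the keys in this report).
SAMPLE_UIDS = [
    "Alice Example <alice@aclu.org>",              # in scope
    "Alice Example <alice@ACLU.ORG>",              # in scope: case-insensitive
    "Bob Example <bob@notaclu.org>",               # lookalike suffix
    "Carol Example <carol@aclu.org.example.net>",  # domain used as a prefix
    "Dave Example <dave@mail.aclu.org>",           # subdomain: excluded here
    "Eve <eve@aclu.org> <eve@example.net>",        # only the last <...> counts
    "frank@aclu.org",                              # no angle brackets
]

if __name__ == "__main__":
    for uid in SAMPLE_UIDS:
        print(f"{in_scope(uid, 'aclu.org')!s:5}  {uid}")
```

Comparing a key's reported validity against the result of such a check for each of its User IDs gives a quick way to tell whether a scoped trust signature is being honoured as described.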