Maybe add require-cross-certification to the gpg.conf?
It is the default in Debian AFAIK with this reason given:
# When verifying a signature made from a subkey, ensure that the cross
# certification "back signature" on the subkey is present and valid.
# This protects against a subtle attack against subkeys that can sign.
# Defaults to --no-require-cross-certification. However for new
# installations it should be enabled.
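
A way to check what a given gpg.conf actually ends up setting, as an added example that is not part of the comment above or of any project's own code. It assumes options are applied in file order so the last occurrence wins, treats the require-backsigs spellings as aliases, and uses a hypothetical function name `cross_cert_setting`; it inspects the file only, not command-line overrides.

```shell
#!/bin/sh
# Added example: report the effective cross-certification setting of a gpg.conf.
# Prints one of: enabled, disabled, unset, missing.
# Assumption: options are applied top to bottom, so the last occurrence wins.

cross_cert_setting() {
    # Default location is an assumption: $GNUPGHOME/gpg.conf or ~/.gnupg/gpg.conf
    conf="${1:-${GNUPGHOME:-$HOME/.gnupg}/gpg.conf}"
    if [ ! -r "$conf" ]; then
        echo "missing"
        return 0
    fi

    state="unset"
    set -f    # no globbing while lines are split into words
    while IFS= read -r line || [ -n "$line" ]; do
        # Split on whitespace; the first word is the option name.
        # Commented lines start with '#', so they never match below.
        set -- $line
        case "$1" in
            require-cross-certification|require-backsigs)
                state="enabled" ;;
            no-require-cross-certification|no-require-backsigs)
                state="disabled" ;;
        esac
    done < "$conf"
    set +f

    echo "$state"
}

# Stand-alone use: check the given file, or the default location.
cross_cert_setting "$@"
```

A result of "unset" means the file leaves the decision to the default of the installed gpg version.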