Re: [PGP]: can someone in NYC sign me?
On Wed, Dec 10 1997 17:44 GMT Charles Briscoe-Smith writes:
> In article <[🔎] E0xfZVc-00006o-00@alex.y.dyndns.com>,
> Alex Yukhimets <aqy6633@acf5.nyu.edu> wrote:
> >Just one question to the "public": is it OK to take a floppy with his
> >public key, sign it without his phisical presence and than e-mail
> >him the signed file back (encripted with his key)?
>
> Make sure you see some physical identification (driver's licence,
> passport or similar). If you know who the person in front of you is,
> and he gives you a key, you can check it's his by looking at the ID
> on the key and checking the ID's signature.
Yes. That's right.
> Once you've signed it, there's no reason to encrypt the result.
Well, if you're sending him the encrypted key [with the Public key
of the person], only the receiver can decrypt it. This is a small
trick to insure that the person got the `right key' :)
> You could upload it to a keyserver yourself, in fact.
Hmm, I wouldn't. It's possible that said person collects more keys and
wants to upload them simultaneously.
> (I -think- I've understood the issues correctly. Tell me if I'm
> wrong, people!)
AFAICT you're right.
Just my 20 centimes,
David
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: