On Thu, 2007-05-31 at 17:51 +0200, Giacomo A. Catenazzi wrote:
>
> I really see few people that check identity AND the email (people tend
> to sign all key-identity of a key).

In my experience most people verify that you can receive e-mail at the
specified address by signing each identity, encrypting the signature
with your public key, and sending it *to* the e-mail address for that
identity. I have three e-mail identities in my key, and almost
invariably receive an e-mail to each of them.

For you to then get that to the keyservers you must:
- receive the e-mail, proving the e-mail address works
- decrypt the signature, proving your access to the private key

That seems to me to actually be quite a thorough confirmation of the
e-mail address.

Cheers,
Andrew McMillan.
-------------------------------------------------------------------------
Andrew @ Catalyst .Net .NZ Ltd, PO Box 11-053, Manners St, Wellington
WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis St
DDI: +64(4)803-2201 MOB: +64(272)DEBIAN OFFICE: +64(4)499-2267
It may or may not be worthwhile, but it still has to be done.
-------------------------------------------------------------------------
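
The round trip described in the message above, as an added example that is not part of the original post: a signer certifies every identity, then produces one encrypted export per address, and only the identity whose mail is received and decrypted gains the certification. It assumes GnuPG 2.2 or later; the names, addresses and throwaway keyrings are constructed, and files stand in for the e-mails.

```shell
#!/bin/sh
# Constructed demo: throwaway keyrings and example.org/.net/.com addresses.
set -eu
WORK=$(mktemp -d); OWNER="$WORK/owner"; SIGNER="$WORK/signer"
mkdir -m 700 "$OWNER" "$SIGNER"
trap 'for h in "$OWNER" "$SIGNER"; do gpgconf --homedir "$h" --kill gpg-agent || true; done; rm -rf "$WORK"' EXIT

g() {  # g <homedir> <gpg args...>: non-interactive gpg with empty passphrases
    h=$1; shift
    gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"
}
fpr_of() { g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

# Key owner: one key carrying two e-mail identities.
g "$OWNER" --quick-generate-key "Alice <alice@example.org>" default default never
FPR=$(fpr_of "$OWNER" alice@example.org)
g "$OWNER" --quick-add-uid "$FPR" "Alice <alice@example.net>"

# Signer: imports the public key and certifies every identity on it.
g "$SIGNER" --quick-generate-key "Bob <bob@example.com>" default default never
SIGNER_ID=$(fpr_of "$SIGNER" bob@example.com | tail -c 17)   # long key ID
g "$OWNER" --export "$FPR" | g "$SIGNER" --import
g "$SIGNER" --yes --quick-sign-key "$FPR"

# One "mail" per identity: only that UID and its signatures, encrypted to the owner.
for addr in alice@example.org alice@example.net; do
    g "$SIGNER" --export-filter "keep-uid=mbox = $addr" --export "$FPR" |
        g "$SIGNER" --trust-model always --armor --recipient "$FPR" --encrypt \
            > "$WORK/$addr.asc"
done

# Owner side: only the mail to example.org is received; decrypt it and merge it.
g "$OWNER" --decrypt "$WORK/alice@example.org.asc" | g "$OWNER" --import

certs_on() {  # signer certifications on the given identity in the owner's keyring
    g "$OWNER" --with-colons --list-sigs "$FPR" |
        awk -F: -v a="<$1>" -v k="$SIGNER_ID" '
            $1=="uid" { on = index($10, a) > 0 }
            $1=="sig" && on && $5==k { n++ }
            END { print n+0 }'
}
echo "example.org: $(certs_on alice@example.org)  example.net: $(certs_on alice@example.net)"
```

The certification for the address whose mail was never opened stays locked inside its encrypted file, so it cannot reach the owner's keyring or a keyserver through the owner.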