On Thu, 2007-05-31 at 17:51 +0200, Giacomo A. Catenazzi wrote: > > I really see few people that check identity AND the email (people tend > to sign all key-identity of a key). In my experience most people verify that you can receive e-mail at the specified address by signing each identity, encrypting the signature with your public key, and sending it *to* the e-mail address for that identity. I have three e-mail identities in my key, and almost invariably receive an e-mail to each of them. For you to then get that to the keyservers you must: - receive the e-mail, proving the e-mail address works - decrypt the signature, proving your access to the private key That seems to me to actually be quite a thorough confirmation of the e-mail address. Cheers, Andrew McMillan. ------------------------------------------------------------------------- Andrew @ Catalyst .Net .NZ Ltd, PO Box 11-053, Manners St, Wellington WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis St DDI: +64(4)803-2201 MOB: +64(272)DEBIAN OFFICE: +64(4)499-2267 It may or may not be worthwhile, but it still has to be done. -------------------------------------------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part