On Thu, Aug 06, 2009 at 11:51:25AM +0200, Jan Wagner wrote: > .oO(*note* don't keysign with Petter Reinholdtsen for now) Why not? If you are sure that the identity is correct and that the e-mail addresses are correct (through *your* use of caff), the only thing your signature can do is strengthen the web of trust. I would sign in that case. Whether you trust him to be able to handle his key properly is an entirely separate variable, and in fact handled by GnuPG separately. Unless the problem is that you don't want Petter's signatures on your key, but then there's not much you can do anyway to prevent me or anyone else from creating a key with Bill Gates (or Petter Reinholdtsen) as the name, signing your key and uploading the signature to a keyserver. In fact this is one of the aspects of PGP+keyservers I don't like, that you can create 100k bogus signatures on someone's key and AFAICT there's nothing they can do to prevent their key on the keyservers from becoming too huge to handle. Sami
Attachment:
signature.asc
Description: Digital signature