Re: [PGP]: can someone in NYC sign me?
In article <[🔎] E0xfZVc-00006o-00@alex.y.dyndns.com>,
Alex Yukhimets <aqy6633@acf5.nyu.edu> wrote:
>Just one question to the "public": is it OK to take a floppy with his
>public key, sign it without his phisical presence and than e-mail
>him the signed file back (encripted with his key)?
Make sure you see some physical identification (driver's licence,
passport or similar). If you know who the person in front of you is,
and he gives you a key, you can check it's his by looking at the ID
on the key and checking the ID's signature. Once you've signed it,
there's no reason to encrypt the result. You could upload it to
a keyserver yourself, in fact.
Actually, encrypting the signed key might be a good idea, because
it'll ensure that the signed key won't be released to the world
unless the holder of the secret key wants that to happen.
(I -think- I've understood the issues correctly. Tell me if I'm
wrong, people!)
Also, I'm pretty sure there's a section in the PGP manual about how
to organise meetings to sign the keys of people you haven't met.
That's more authoritative than me.
--
Charles Briscoe-Smith
White pages entry, with PGP key: <URL:http://alethea.ukc.ac.uk/wp?95cpb4>
PGP public keyprint: 74 68 AB 2E 1C 60 22 94 B8 21 2D 01 DE 66 13 E2
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: