[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A question.



On Sat, Feb 14, 1998 at 07:54:26PM -0600, Ender Wigin wrote:
> 
> Ok, I found a maintainer who will sign my pgp signiture ... but both of us
> are lost as to what exactly we have to do to "sign" a signature... Here is
> what he thought was the right way to do it.
> 
> "I'll come over with my public key. We will compare id's, and then, if
> you want, you can sign my public key. You'll also give me a copy of
> your public key, for me to bring home and sign. Then I email you the
> signed copy of your public key (the email being signed and encrypted, of
> course). Does this sound right? I'm a little leery of the need to add
> my secret key to your machine in order for me to sign your key, which
> appears to be what is needed from my reading of the docs. I could be
> wrong, so if there is a better way, let me know."

You should meet in persona in real life and exchange your id cards
and fingerprints (extracted with pgp -kvc) so you can be sure that
either of you is either of you.  After that sign either key with 
pgp -ks and extract it with pgp -kxa and send it to either of
you.

If you haven't meet each other in real life and cannot assure
that either of you is the person you must not sign either key

Regards,

	Joey

-- 
   / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg /
  / linux: Unbekannter Terminaltyp                                /
 / Ich weiß nicht, auf was für einem Terminaltyp Sie arbeiten -  /
/ alles, was ich habe, ist 'linux'.              -- Solaris 2.5 /

Attachment: pgp5vvffkZ8uw.pgp
Description: PGP signature


Reply to: