Re: GPG Key Signing (Was: Advocate/Sponsor)

To: debian-mentors@lists.debian.org
Subject: Re: GPG Key Signing (Was: Advocate/Sponsor)
From: Samuel Tardieu <sam@debian.org>
Date: Thu, 28 Jun 2001 19:42:57 +0200
Message-id: <[🔎] 2001-06-28-19-42-57+trackit+sam@debian.org>
Reply-to: Samuel Tardieu <sam@debian.org>
In-reply-to: <[🔎] 20010628102754.G18090@ucsd.edu>; from jhriv@ucsd.edu on Thu, Jun 28, 2001 at 10:27:54AM -0700
References: <[🔎] 015e01c0fff0$fa630080$5d546618@ym1.on.wave.home.com> <[🔎] Pine.LNX.4.30.0106281148540.3272-100000@tennyson.netexpress.net> <[🔎] 20010628102754.G18090@ucsd.edu>

On 28/06, John H. Robinson, IV wrote:

| http://people.debian.org/~jaqque/keysign.html
| 
| it does have some weaknesses, but it is a lot stronger than the ``oh,
| i've met you, i have checked your ID, and off we go''
| 
| comments welcome.

It has an enormous flaw: you do not sign a key, you sign an id. That means
that checking for one e-mail address for being valid and signing all the ids
is just bogus. You may use this protocol, but you have to repeat each for
every email address you are going to sign.

Reply to:

Follow-Ups:
- Re: GPG Key Signing
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: GPG Key Signing (Was: Advocate/Sponsor)
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Re: Advocate/Sponsor
  - From: "Duncan Findlay" <duncf@home.com>
- Re: Advocate/Sponsor
  - From: Steve Langasek <vorlon@netexpress.net>
- GPG Key Signing (Was: Advocate/Sponsor)
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>

Prev by Date: GPG Key Signing (Was: Advocate/Sponsor)
Next by Date: Re: Advocate/Sponsor
Previous by thread: GPG Key Signing (Was: Advocate/Sponsor)
Next by thread: Re: GPG Key Signing
Index(es):
- Date
- Thread