
Re: GPG Key Signing (Was: Advocate/Sponsor)

On 28/06, John H. Robinson, IV wrote:

| http://people.debian.org/~jaqque/keysign.html
| it does have some weaknesses, but it is a lot stronger than the ``oh,
| i've met you, i have checked your ID, and off we go''
| comments welcome.

It has an enormous flaw: you do not sign a key, you sign an ID. That means
that checking one e-mail address for validity and then signing all the IDs
is just bogus. You may use this protocol, but you have to repeat it for
every e-mail address you are going to sign.
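
The per-ID check argued for above, as an added example that is not part of the original message or of the linked protocol: it reads the user IDs of one key from `gpg --with-colons` style output, derives a separate challenge token for each (key, user ID) pair, and accepts only the IDs whose own address returned its token. The HMAC token scheme, the function names and the sample listing are assumptions made for illustration; mailing the tokens is left out.

```python
import hashlib, hmac, re

# Constructed sample in the `gpg --with-colons --list-keys` layout (not a real key).
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1000000000:::-:::scESC:
fpr:::::::::00000000000000000000000000000000AAAAAAAA:
uid:-::::1000000000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>:
uid:-::::1000000000::0000000000000000000000000000000000000002::Alice Example <alice@example.net>:
uid:r::::1000000000::0000000000000000000000000000000000000003::Alice Example <old@example.com>:
"""

def parse_key(listing):
    """Return (fingerprint, [(user_id, email, revoked)]) from colon-format output."""
    fpr, uids = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "fpr" and fpr is None:
            fpr = f[9]                      # field 10 carries the fingerprint
        elif f[0] == "uid":
            # gpg quotes special bytes C-style, e.g. ':' appears as \x3a
            uid = re.sub(r"\\x([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), f[9])
            m = re.search(r"<([^<>\s]+@[^<>\s]+)>", uid)
            uids.append((uid, m.group(1) if m else None, f[1] == "r"))
    return fpr, uids

def challenge(secret, fpr, uid):
    """Token bound to one (key, user ID) pair; sent only to that ID's address."""
    return hmac.new(secret, f"{fpr}\n{uid}".encode(), hashlib.sha256).hexdigest()

def signable(secret, listing, replies):
    """User IDs whose own address returned the right token.

    `replies` maps e-mail address -> token received from that address.
    """
    fpr, uids = parse_key(listing)
    ok = []
    for uid, email, revoked in uids:
        if revoked or email is None:
            continue                        # never certify revoked or address-less IDs
        if hmac.compare_digest(replies.get(email, ""), challenge(secret, fpr, uid)):
            ok.append(uid)
    return ok
```

A token returned from one address validates only the user ID it was derived from, so a reply from `alice@example.org` never makes the `alice@example.net` ID signable.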
