[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: signing a GPG key with multiple uids

Oohara Yuuma wrote:

> When signing a GPG key, is it better to sign all of its uids, or
> just an uid that I see relevant (such as the @debian.org one)?
> I usually meet someone, get a hardcopy of the key fingerprint,
> the e-mail address and so on, then check it later and sign the uid
> which have that address in it.
> --

I prefer to validate each email address.  It is mostly a personal
preference but at least I know the uid was valid at one point.  I
have a uid associated with an employer account that I do not
have access to.  It makes no sense for someone to sign that
uid and I will probably expire it soon.


Reply to: