
Re: signing a GPG key with multiple uids



On Tue, Dec 03, 2002 at 07:26:48PM -0800, Richard A. Hecker wrote:
> Oohara Yuuma wrote:
> 
> > When signing a GPG key, is it better to sign all of its uids, or
> > just an uid that I see relevant (such as the @debian.org one)?
> > I usually meet someone, get a hardcopy of the key fingerprint,
> > the e-mail address and so on, then check it later and sign the uid
> > which has that address in it.
> 
> I prefer to validate each email address.  It is mostly a personal
> preference but at least I know the uid was valid at one point.  I
> have a uid associated with an employer account that I do not
> have access to.  It makes no sense for someone to sign that
> uid and I will probably expire it soon.

Although we may not control some e-mail addresses on a GPG key uid, we can
issue a revocation certificate for the particular uid.  That burden of
keeping all uids current is not something the signer has to worry about.  It
should be something the owner of the key has to worry about and maintain.

I use a Debian mail address plus one under my personal domain.

I wanted both to be signed since they are both active.

Osamu
-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
        Osamu Aoki <osamu@debian.org>   Cupertino CA USA, GPG-key: A8061F32
 .''`.  Debian Reference: post-installation user's guide for non-developers
 : :' : http://qref.sf.net and http://people.debian.org/~osamu
 `. `'  "Our Priorities are Our Users and Free Software" --- Social Contract


