Re: signing a GPG key with multiple uids

To: debian-mentors@lists.debian.org
Subject: Re: signing a GPG key with multiple uids
From: Osamu Aoki <osamu@debian.org>
Date: Wed, 4 Dec 2002 11:09:09 -0800
Message-id: <[🔎] 20021204190909.GB30151@aokiconsulting.com>
Mail-followup-to: debian-mentors@lists.debian.org
In-reply-to: <[🔎] 20021204180420.GB29300@ucsd.edu>
References: <[🔎] 20021204.102039.74723834.oohara@grain> <[🔎] 20021204020556.GC18520@rene-engelhard.de> <[🔎] 20021204033137.GB24219@aokiconsulting.com> <[🔎] 20021204180420.GB29300@ucsd.edu>

Hi,

On Wed, Dec 04, 2002 at 10:04:21AM -0800, John H. Robinson, IV wrote:
> Osamu Aoki wrote:
> > On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> > > > which have that address in it.
> > > 
> > > I sign a uid when these uid's address is not bouncing and the person who
> > > claims to belong to this key answers a message encrypted to him sent
> > > to the specific uid. If the person answers to all the mails sent to
> > > him, I can sign all uid's.
> > 
> > This sounds like good practice but burden of proof for the "activeness"
> > of e-mail account is on signer side.  A bit unfiar, IMHO.
> 
> this is as it should be. a signer needs to take Due Diligence when
> saying ``Yes. I know that this key matches this Name and EMail address.''
> failure to do that renders that signature, and potentially all other
> signatures made by that signer. the whole Web-of-Trust thing.
> 
> some people do take more care than others when signing, and that is
> okay. but the onus is always on the signer to verify that the facts as
> she understands them are true.

Sure I agree in your point of due dilligence.  (I said "a bit".)  

I do not want to make life any harder for the people signing my GPG key
either.

I think question was not well formed and discussion is drifting away.  I
started different thread to address my real question.

Thanks.

Osamu
-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
        Osamu Aoki <osamu@debian.org>   Cupertino CA USA, GPG-key: A8061F32
 .''`.  Debian Reference: post-installation user's guide for non-developers
 : :' : http://qref.sf.net and http://people.debian.org/~osamu
 `. `'  "Our Priorities are Our Users and Free Software" --- Social Contract

Reply to:

Follow-Ups:
- Re: signing a GPG key with multiple uids
  - From: Michael Banck <mbanck@gmx.net>

References:
- signing a GPG key with multiple uids
  - From: Oohara Yuuma <oohara@libra.interq.or.jp>
- Re: signing a GPG key with multiple uids
  - From: Rene Engelhard <rene@debian.org>
- Re: signing a GPG key with multiple uids
  - From: Osamu Aoki <osamu@debian.org>
- Re: signing a GPG key with multiple uids
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>

Prev by Date: Best practices of GPG signing
Next by Date: Re: signing a GPG key with multiple uids
Previous by thread: Re: signing a GPG key with multiple uids
Next by thread: Re: signing a GPG key with multiple uids
Index(es):
- Date
- Thread