Re: signing a GPG key with multiple uids
On Wed, Dec 04, 2002 at 10:04:21AM -0800, John H. Robinson, IV wrote:
> Osamu Aoki wrote:
> > On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> > > > which have that address in it.
> > >
> > > I sign a uid when these uid's address is not bouncing and the person who
> > > claims to belong to this key answers a message encrypted to him sent
> > > to the specific uid. If the person answers to all the mails sent to
> > > him, I can sign all uid's.
> > This sounds like good practice but burden of proof for the "activeness"
> > of e-mail account is on signer side. A bit unfiar, IMHO.
> this is as it should be. a signer needs to take Due Diligence when
> saying ``Yes. I know that this key matches this Name and EMail address.''
> failure to do that renders that signature, and potentially all other
> signatures made by that signer. the whole Web-of-Trust thing.
> some people do take more care than others when signing, and that is
> okay. but the onus is always on the signer to verify that the facts as
> she understands them are true.
Sure I agree in your point of due dilligence. (I said "a bit".)
I do not want to make life any harder for the people signing my GPG key
I think question was not well formed and discussion is drifting away. I
started different thread to address my real question.
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
Osamu Aoki <firstname.lastname@example.org> Cupertino CA USA, GPG-key: A8061F32
.''`. Debian Reference: post-installation user's guide for non-developers
: :' : http://qref.sf.net and http://people.debian.org/~osamu
`. `' "Our Priorities are Our Users and Free Software" --- Social Contract