[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: signing a GPG key with multiple uids


On Wed, Dec 04, 2002 at 10:04:21AM -0800, John H. Robinson, IV wrote:
> Osamu Aoki wrote:
> > On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> > > > which have that address in it.
> > > 
> > > I sign a uid when these uid's address is not bouncing and the person who
> > > claims to belong to this key answers a message encrypted to him sent
> > > to the specific uid. If the person answers to all the mails sent to
> > > him, I can sign all uid's.
> > 
> > This sounds like good practice but burden of proof for the "activeness"
> > of e-mail account is on signer side.  A bit unfiar, IMHO.
> this is as it should be. a signer needs to take Due Diligence when
> saying ``Yes. I know that this key matches this Name and EMail address.''
> failure to do that renders that signature, and potentially all other
> signatures made by that signer. the whole Web-of-Trust thing.
> some people do take more care than others when signing, and that is
> okay. but the onus is always on the signer to verify that the facts as
> she understands them are true.

Sure I agree in your point of due dilligence.  (I said "a bit".)  

I do not want to make life any harder for the people signing my GPG key

I think question was not well formed and discussion is drifting away.  I
started different thread to address my real question.


~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
        Osamu Aoki <osamu@debian.org>   Cupertino CA USA, GPG-key: A8061F32
 .''`.  Debian Reference: post-installation user's guide for non-developers
 : :' : http://qref.sf.net and http://people.debian.org/~osamu
 `. `'  "Our Priorities are Our Users and Free Software" --- Social Contract

Reply to: