Re: GPG USAGE HOWTO 1 (was: Re: AM report on Thierry Bourrillon)
On Mon, Apr 16, 2001 at 10:55:21PM +0200, Lenart Janos wrote:
> It's terrible what you people here call keysigning, and keysign
> checking. You are using --list-sigs and not --check-sigs, --list-sigs
> DOES NOT CHECK ANYTHING. And that other guy signs a UID that's
> invalid. So, if elmo rejects the application the applicant can be happy
> with having a signed @debian.org UID, I have no idea whatever it's good
> for by this time, but it's BAD anyway. The web of trust is piece of shit
> becouse of the 'I-don\'t-care' users of strong encryption systems.
If I sign a key I confirm the fact that the person with the name on
the key has claimed to me that the key is his. IMHO my signature on
the key does not confirm that the person is owner of the mailbox.
Am I right?