[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Big problem - GnuPG key deleted



* Rico -mc- Gloeckner <debian@ukeer.de> [2003-07-15 15:12]:
> You do not only sign the identity of the key, you are also signing that
> this identity is using *this* emailadress.

 Don't tell me, I'm doing this for ages. But there are many people out
there who don't care, who simply signs them all and sends them to the
keyservers.  And that's not that uncommon: From my keysignings I've
learned that not that many people sign each contact-address seperately
and send them seperately to the corresponding address.

> In any other Cases there should be a decision possible if the new
> keyowner is the same as the old keyowner.

 Yes, for sure. But it would be easy to add some fake IDs to the key to
make the people believe that it's the same person.

> Maybe some Guidelines on what to do and what not to do with PGP Keys,
> Revocations and sigs should be setup. I also ask myself everytime if i
> should sign with 2 or 3 when i met someone, got his keyid&fpr and saw
> his ID.
> 
> There are people who say 2, there are people that say 3.

 AOL me.

 So long,
Alfie [who uses 3, thinks that he checks well enough and thinks 2 sounds
   somewhat strange in the description to be a real option....]
-- 
use Mail::Signature;
$sig = Mail::Signature->new;
print $sig->random;

Attachment: pgpImp5kYYe5z.pgp
Description: PGP signature


Reply to: