[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Big problem - GnuPG key deleted

* Anthony DeRobertis <asd@suespammers.org> [2003-07-15 10:02]:
> You're setting a higher standard to revoke a signature than to make 
> one. I think that's extremely silly. The other Gerfried Fuchs could 
> easily go to some person, saying he's you, show his photo ID and get 
> his key signed as you.

 What I haven't thought of are the key-ids. But often enough people just
upload the signed keys to the servers so I don't even have a chance to
see if the other one faked my address into his key to circumvent me :/
I really would love to see that key-uploads must be signed....

> If someone who proves himself to be Gerfried Fuchs comes up to me 
> (assuming I had signed your key, which I haven't) and tells me to 
> revoke that signature, I have a good reason to doubt the correctness of 
> my signature. I'd of course compare details as much as possible, etc.

 Yes, you are right.  But the inital situation wasn't described that
detailed, I understood it more or less to follow it blindly.

> Breaking a single good link in the web of trust is nowhere near as bad 
> as allowing a bad link to remain.

 There is nothing to disagree in here. And if it was a real mistake a
new connection can always be reestablished.

 So long,
use Mail::Signature;
$sig = Mail::Signature->new;
print $sig->random;

Attachment: pgpgAOlwl1VBz.pgp
Description: PGP signature

Reply to: