* Anthony DeRobertis <asd@suespammers.org> [2003-07-15 10:02]: > You're setting a higher standard to revoke a signature than to make > one. I think that's extremely silly. The other Gerfried Fuchs could > easily go to some person, saying he's you, show his photo ID and get > his key signed as you. What I haven't thought of are the key-ids. But often enough people just upload the signed keys to the servers so I don't even have a chance to see if the other one faked my address into his key to circumvent me :/ I really would love to see that key-uploads must be signed.... > If someone who proves himself to be Gerfried Fuchs comes up to me > (assuming I had signed your key, which I haven't) and tells me to > revoke that signature, I have a good reason to doubt the correctness of > my signature. I'd of course compare details as much as possible, etc. Yes, you are right. But the inital situation wasn't described that detailed, I understood it more or less to follow it blindly. > Breaking a single good link in the web of trust is nowhere near as bad > as allowing a bad link to remain. There is nothing to disagree in here. And if it was a real mistake a new connection can always be reestablished. So long, Alfie -- use Mail::Signature; $sig = Mail::Signature->new; print $sig->random;
Attachment:
pgpgAOlwl1VBz.pgp
Description: PGP signature