keysigning ?= UIDsigning

Chad Miller cmiller@surfsouth.com
Wed, 28 Jun 2000 20:46:27 -0400


--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 28, 2000 at 07:34:24PM -0400, Billy Donahue wrote:

> You accumulate signatures on your UID+key, not the key itself.
> A signature asserts a relation of a UID to the key.
=2E..but a fingerprint or keyid doesn't assert UID at all. So, when you're= =20 at a keysigning party, you should demand the UID as well? Hmmm. I think I agree with this, but I suggest a change to the docs to=20 add as the primary UID only information that should never change, and add UIDs later to contain email addresses and other ephemeral info after it. It'd be a shame to get plenty of signatures on a single-UID key and have your ISP go tits-up. =20 - chad -- Chad Miller <cmiller@surfsouth.com> URL: http://web.chad.org/ (GPG) "Any technology distinguishable from magic is insufficiently advanced". First corollary to Clarke's Third Law (Jargon File, v4.2.0, 'magic') --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5WpxjQEOZop5pR9kRAj6mAJwOPWJKzXQFwPntX1SpecWrobdjygCgmtCv 0lKuij0NtbXD8tqRbhoImTc= =4mhd -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V--