Trusted Signatures on your Public key?
Marc Mutz
Marc.Mutz@uni-bielefeld.de
Thu Jul 19 18:34:01 2001
On Thursday 19 July 2001 14:34, Huels, Ralf SCORE wrote:
> > You may additionally send an encrypted "ping" message to all UIDs
> > on the peer's key before signing just to make sure that the peer is
> > in fact in control of all UIDs and has the secret key.
>
> I usually sign only the UIDs represented on the paper fingerprint.
> This makes the signing process somewhat more complicated, but I don't
> have to worry about the other UIDs.
<snip>
Yes, this is also advisable. However, I can come along and add Marc
Mutz <mmutz@uni-paderborn.de> to my list of UIDs and - given such a
user (e.g. Micheal Mutz) exists, and he hasn't got a PGP key on the
keyserver (yet), my key is produced on a search.
It comes down to how 'hard' your personal certification policy is. Some
certify only the name part and don't care about the mail addresses
(e.g. c't pgpCA) and others (e.g. P. Palfrader) check the mail
addresses, too.
Marc
- --
Marc Mutz <Marc@Mutz.com>
http://marc.mutz.com/
http://www.mathematik.uni-bielefeld.de/~mmutz/
http://EncryptionHOWTO.sourceforge.net/