Trusted Signatures on your Public key?

Marc Mutz Marc.Mutz@uni-bielefeld.de
Thu Jul 19 18:34:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 19 July 2001 14:34, Huels, Ralf SCORE wrote:

> > You may additionally send an encrypted "ping" message to all UIDs
> > on the peer's key before signing just to make sure that the peer is
> > in fact in control of all UIDs and has the secret key.
>
> I usually sign only the UIDs represented on the paper fingerprint.
> This makes the signing process somewhat more complicated, but I don't
> have to worry about the other UIDs.
<snip> Yes, this is also advisable. However, I can come along and add Marc Mutz <mmutz@uni-paderborn.de> to my list of UIDs and - given such a user (e.g. Micheal Mutz) exists, and he hasn't got a PGP key on the keyserver (yet), my key is produced on a search. It comes down hoe 'hard' you personal certification policy is. Some certify onlt the name part and don't care about the mail addresses (e.g. c't pgpCA) and others (e.g. P. Palfrader) check the mail addresses, too. Marc - -- Marc Mutz <Marc@Mutz.com> http://marc.mutz.com/ http://www.mathematik.uni-bielefeld.de/~mmutz/ http://EncryptionHOWTO.sourceforge.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7VyfV3oWD+L2/6DgRAtuYAJ9ainVYXqvIK/vO12mWvnYNqKNbOwCgxHH8 MkiNT3r48PVaQX7rIeWKGSU= =Zf91 -----END PGP SIGNATURE-----