discussion on increasing amount of gpg signatures...

[Florian Weimer]

Evan Prodromou <evan@prodromou.san-francisco.ca.us> writes:

>>>>>> "MA" == Matt Armstrong <matt@lickey.com> writes:
>
>     MA> Verifying that the key holder has control of the key's e-mail
>     MA> address isn't part of many key signing party verification
>     MA> procedures, especially less formal ones.
>
> This is extremely true. One way to ameliorate this is to use a
> challenge-response pair for each e-mail address on the key.

IIRC, the most obvious challenge-response protocol (and the most
sensible one) for certifying keys has been patented, and I don't know
if the extension to cover (multiple) email addresses is enough to
bypass this patent.  (Just in case if you want to do this more
regularly.)