discussion on increasing amount of gpg signatures...
Mark Brown
broonie@sirena.org.uk
Sun Oct 14 17:55:01 2001
On Fri, Oct 12, 2001 at 09:29:01PM -0600, Matt Armstrong wrote:
> Verifying that the key holder has control of the key's e-mail address
> isn't part of many key signing party verification procedures, especially
> less formal ones. I'm looking at the "GPG Keysigning Party HOWTO" and
> the "comp.security.pgp FAQ" here.
Indeed. A lot of people will just sign all IDs on a key so even if
there is some e-mail verification other identitites will get signed too.
This frequently seems to include signing revoked identities - it might
be nice if GPG would complain when asked to sign something with a self
revocation certificate.
--
"You grabbed my hand and we fell into it, like a daydream - or a fever."