Importance of creation date in keysigning
Thu Jul 10 19:31:02 2003
Content-Description: signed data
On Tuesday 08 Jul 2003 5:34 pm, J=FCrgen A.Erhard wrote:
> Is the date of a key's creation in any way important when signing a key?
Only if one person has multiple keys with the same UID/comment/email line -=
that could happen if someone is meticulous about expiring their main key on=
regular basis and starting again with a new one. If you did sign such a key=
you'd be best agreeing that s/he sends you an encrypted email with the=20
fingerprint of his new key and to sign the email with the new key, just=20
before it expires so that you can sign the new one once you've got it from =
keyserver etc. S/He'll still have the fingerprint of your key so should sig=
that with his new key without further ado.
After all that, if you use a long/no expiry on your key and you don't have=
multiple keys with the same UID/comment/email, then no, I don't see that th=
creation date matters one jot.
(Always take the long way round.)
> I'm asking because I'm unsure whether to put my key's date on my
> business card (which will be mainly used for key signing purposes, and
> I need it for the upcoming LinuxTag).
Usually, a printed slip to verify your key just has the output from:
$ gpg --with-fingerprint --list-key <mykeyid>
gpg --with-fingerprint --list-key 28bcb3e3
pub 1024D/28BCB3E3 2002-01-27 Neil Williams (CodeHelp) <email@example.com.=
Key fingerprint =3D 4CD4 6644 C105 48ED CA28 EC36 8801 094A 28BC B3E3
uid N Williams (CodeHelp) <firstname.lastname@example.org>
uid Neil Williams (Linux User Group) <email@example.com=
uid Neil Williams (general) <firstname.lastname@example.org>
uid Neil Williams (Devon and Cornwall LUG)=20
sub 1024g/AD3CB326 2002-01-27
With your passport/photo ID and some form of email address verification, (e=
corespondence on a mailing list or at least on several occassions including=
details likely to only be known by the right person), you should have enoug=
for almost anyone to be happy to sign your key.
> Bye, J
> PS: LinuxTag starts Thursday! I'll split my time between the KaLUG
> booths (look for the Internet Cafe) and the Debian booth (most
> likely). Just in case someone wants to meet up...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----