Importance of creation date in keysigning

Neil Williams
Thu Jul 10 19:31:02 2003

Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 08 Jul 2003 5:34 pm, J=FCrgen A.Erhard wrote:
> Is the date of a key's creation in any way important when signing a key?

Only if one person has multiple keys with the same UID/comment/email line -=
that could happen if someone is meticulous about expiring their main key on=
regular basis and starting again with a new one. If you did sign such a key=
you'd be best agreeing that s/he sends you an encrypted email with the=20
fingerprint of his new key and to sign the email with the new key, just=20
before it expires so that you can sign the new one once you've got it from =
keyserver etc. S/He'll still have the fingerprint of your key so should sig=
that with his new key without further ado.

After all that, if you use a long/no expiry on your key and you don't have=
multiple keys with the same UID/comment/email, then no, I don't see that th=
creation date matters one jot.


(Always take the long way round.)

> I'm asking because I'm unsure whether to put my key's date on my
> business card (which will be mainly used for key signing purposes, and
> I need it for the upcoming LinuxTag).


Usually, a printed slip to verify your key just has the output from:
$ gpg --with-fingerprint --list-key <mykeyid>


gpg --with-fingerprint --list-key 28bcb3e3
pub  1024D/28BCB3E3 2002-01-27 Neil Williams (CodeHelp) <
     Key fingerprint =3D 4CD4 6644 C105 48ED CA28  EC36 8801 094A 28BC B3E3
uid                      N Williams (CodeHelp) <>
uid                      Neil Williams (Linux User Group) <
uid                      Neil Williams (general) <>
uid                      Neil Williams (Devon and Cornwall LUG)=20
sub  1024g/AD3CB326 2002-01-27

With your passport/photo ID and some form of email address verification, (e=
corespondence on a mailing list or at least on several occassions including=
details likely to only be known by the right person), you should have enoug=
for almost anyone to be happy to sign your key.

> Bye, J
> PS: LinuxTag starts Thursday!  I'll split my time between the KaLUG
> booths (look for the Internet Cafe) and the Debian booth (most
> likely).  Just in case someone wants to meet up...


Neil Williams

Content-Type: application/pgp-signature
Content-Description: signature

Version: GnuPG v1.2.1 (GNU/Linux)