Importance of creation date in keysigning

Neil Williams linux@codehelp.co.uk
Thu Jul 10 19:31:02 2003 

--Boundary-02=_BNaD/vgvL2QJb9D
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 08 Jul 2003 5:34 pm, J=FCrgen A.Erhard wrote:
> Is the date of a key's creation in any way important when signing a key?

Only if one person has multiple keys with the same UID/comment/email line -=
=20
that could happen if someone is meticulous about expiring their main key on=
 a=20
regular basis and starting again with a new one. If you did sign such a key=
,=20
you'd be best agreeing that s/he sends you an encrypted email with the=20
fingerprint of his new key and to sign the email with the new key, just=20
before it expires so that you can sign the new one once you've got it from =
a=20
keyserver etc. S/He'll still have the fingerprint of your key so should sig=
n=20
that with his new key without further ado.

After all that, if you use a long/no expiry on your key and you don't have=
=20
multiple keys with the same UID/comment/email, then no, I don't see that th=
e=20
creation date matters one jot.

:-))

(Always take the long way round.)

> I'm asking because I'm unsure whether to put my key's date on my
> business card (which will be mainly used for key signing purposes, and
> I need it for the upcoming LinuxTag).

URL?

Usually, a printed slip to verify your key just has the output from:
$ gpg --with-fingerprint --list-key <mykeyid>

e.g.:

gpg --with-fingerprint --list-key 28bcb3e3
pub  1024D/28BCB3E3 2002-01-27 Neil Williams (CodeHelp) <linux@codehelp.co.=
uk>
     Key fingerprint =3D 4CD4 6644 C105 48ED CA28  EC36 8801 094A 28BC B3E3
uid                      N Williams (CodeHelp) <info@codehelp.co.uk>
uid                      Neil Williams (Linux User Group) <neil@dclug.org.u=
k>
uid                      Neil Williams (general) <neil@codehelp.co.uk>
uid                      Neil Williams (Devon and Cornwall LUG)=20
<webmaster@dclug.org.uk>
sub  1024g/AD3CB326 2002-01-27

With your passport/photo ID and some form of email address verification, (e=
=2Eg.=20
corespondence on a mailing list or at least on several occassions including=
=20
details likely to only be known by the right person), you should have enoug=
h=20
for almost anyone to be happy to sign your key.

>
> Bye, J
>
> PS: LinuxTag starts Thursday!  I'll split my time between the KaLUG
> booths (look for the Internet Cafe) and the Debian booth (most
> likely).  Just in case someone wants to meet up...

=2D-=20

Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/


--Boundary-02=_BNaD/vgvL2QJb9D
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/DaNBiAEJSii8s+MRAntVAJ9s0LTkuavgszeeetYrONGrjm/6vwCeLv95
QDxgQNUxXOvBDDK5g8x1KBc=
=buZC
-----END PGP SIGNATURE-----

--Boundary-02=_BNaD/vgvL2QJb9D--