can't verify signature
Sat Jul 26 11:30:02 2003
On 26-Jul-2003, Gustavo Vasconcelos wrote:
> So, if a company decides to act as a CA for their employees, what's
> wrong with that?
Nothing (if you accept the doctrine of CAs, which is a whole other
The discussion of this particular key arose because the key has
*different people* listed as UIDs on the key. A key should be bound to
an individual, not multiple persons.
> I could even sign the corporate key, if I could check the
> documentation of the company, and the identifications of its CEO's.
That wouldn't be too useful; by definition, a CA is ultimately trusted
by those who (must) use it. Signing its key adds nothing to the trust
> I have pubkeys with pseudonyms. Is that wrong?
No, so long as each one is bound only to you, and can't be used by
Also, if no-one can connect the key to you, it will (hopefully) never be
signed, so it is outside the web of trust. This doesn't render it
\ "I put instant coffee in a microwave oven and almost went back |
`\ in time." -- Steven Wright |
email@example.com F'print 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B