can`t verify signature

Ben Finney
Sat Jul 26 11:30:02 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 26-Jul-2003, Gustavo Vasconcelos wrote:
> So, if a company decides to act as a CA for their emplyes, what's
> wrong with that?

Nothing (if you accept the doctrine of CAs, which is a whole other

The discussion of this particular key arose because the key has
*different people* listed as UIDs on the key.  A key should be bound to
an individual, not multiple persons.

> I could even sign the corporate key, if I could check the
> documentation of the company, and the identifications of its CEO's.

That wouldn't be too useful; by definition, a CA is ultimately trusted
by those who (must) use it.  Signing its key adds nothing to the trust

> I have pubkeys with pseudonyms. Is that wrong?

No, so long as each one is bound only to you, and can't be used by
multiple people.

Also, if no-one can connect the key to you, it will (hopefully) never be
signed, so it is outside the web of trust.  This doesn't render it
useless, though.

 \      "I put instant coffee in a microwave oven and almost went back |
  `\                                       in time."  -- Steven Wright |
_o__)                                                                  | F'print 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.2 (GNU/Linux)