can`t verify signature

Gustavo Vasconcelos gustavo.hlv@gmx.net
Sat Jul 26 19:30:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, All.

Adrian 'Dagurashibanipal' von Bidder wrote on 26-07-2003 05:53:
|
| That's not what they did. Look at the key again - the names are
| not signatures, they're userids! (...)

All right, all right!

Yes, you are right! When I saw the key I really tought it was a public
key with employes signatures (I always use the keyservers with
op=vindex), I didn't notice they where UID's.

And yes, sharing a public AND a secret key among the employers is just
a complete nonsense. And everyboddy probably knows the same passphrase.

The idea of a corporate key is good and should be encouraged, but this
is loco.

| Although it's open to debate
| whether every employee should sign the corporate key or not

Well, I think that yes, the employees should sign the corporate key.
If one of them hasn't signed the corporate key is a reason to make it
suspicious for the contacts of this special employee.

"I always talk to Mike at XYZ Inc., but he was not avaible yesterday,
and another person gave me this corporate key. But it don't have
Mike's signature, so I guess I'm being tampered."

| cheers
| -- vbi

Again, thanks for pointing it.

[]'s
Gustavo


- --

This message is protected with OpenPGP digital security features.
OpenPGP KeyID: 0xFF006747

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/Iq4cGVGVi/8AZ0cRAiyQAJ9WhNbYWOAD5fLHqVDfWbeTfwfx/ACeKtkQ
ZR7bAyx+8OwDrYPkzYXMhsk=
=AYaM
-----END PGP SIGNATURE-----