can`t verify signature

David Shaw
Sat Jul 26 21:27:19 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 25, 2003 at 06:30:29PM +0100, Neil Williams wrote:
> On Friday 25 Jul 2003 5:44 pm, Adrian 'Dagurashibanipal' von Bidder wrote:
> > Well, this is OT, but I found it while searching for John Aldrich's key=
> >
> > 8D5E4057 shows a very ... errrm ... interesting mode of use for PGP - w=
> > you sign this key????
> Absolutely not. Who are you verifying?

You are verifying the user ID.  There is nothing wrong with such a
key.  It is a perfectly valid (though uncommon) thing to do.

Remember that "signing a key", is really signing a user ID.  You would
have to sign each of these user IDs individually, and if you believe
that each of those user IDs honestly reach the owner of the key, then
you are quite correct in signing them.  At the same time, if you
believe only one of the user IDs is valid, you can sign that one which
does not give any validity to the others.


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at