Sat Jun 7 03:28:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
- --- Daniel Luebke <email@example.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi Everybody!
> I have a question about keysigning: What do you think of signing
> person (or having a keysigning party) which is conducted through
> On the one hand it would be a great opportunity to establish
> can show your passport into the camera, the picture must match
> person), on the other hand you're doing this through an
> (internet- or telefon-line-link) which you could indicate
> What are your opinions about this topic?
I still think there is no substitute for an in-person meeting with
a photo ID.
For an organized keysigning, I can't think of a better method than
the following outline (see URL below) to make sure that everybody
is "singing from the same sheet music"--without laboriously going
through every key fingerprint in the group. This method provides
enough confidence that everybody has checked their own key's
fingerprint (at home) from the pre-distributed public key block,
and then agrees (in the group) that they have derived the same md5
hash for the pre-distributed public key block as everyone else. As
a final safeguard, you can send the keys that you sign to the
owners, encrypted with the same public key that you just signed.
Efficient Group Key Signing Method
Document Author: Len Sassaman
gpg: Signature made Thu 11 Apr 2002 04:44:40 PM CDT using RSA key
gpg: Good signature from "Len Sassaman <firstname.lastname@example.org>"
gpg: aka "L. Sassaman <email@example.com>"
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to
Primary key fingerprint: B115 73A8 91A8 05DC B26D CBEB 4A0A 8149
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----