Key signing...

Per Tunedal
Sun Mar 2 13:44:01 2003

Hi Peter,
At 21:37 2003-03-02 +1100, Peter Lavender wrote:
 >Hi Everyone,
 >As I currently understand it, the idea is to get my own key signed by
 >others.  Once my key is signed by someone else, they export it

They may export the signed key to a keyserver and anyone updating the key 
from the keyserver will learn about the new signatures. You may download 
your own key with the new signatures from the keyserver as welll.

 >send it back to me, at which point I import it.

And you should send your key to a keyserver to let everybody know about the 
new signature.

 >Now their signature
 >is included when I sign emails.

NO, their signature is not included when you sign. It's added to the public 
key and is always visible, weather you sign something or not.

 >This how the WoT works isn't it?
 >It seems to make sence to me, otherwise if my key is signed and never
 >sent to me, how will anyone else who recieves a signed email from me
 >know who else trusts my signature?

The receiver sets a trust according to first hand knowledge about your key 
or according to signatures from others he trusts. If the receiver hasn't 
put any trust into your key he will get a message like "there is nothing 
that implies that the key belongs to the owner".


Per Tunedal