Key signing...

Thomas Arend Thomas.Arend@t-online.de
Sun Mar 2 18:27:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Sonntag, 2. M=E4rz 2003 13:43 schrieb Per Tunedal:
> Hi Peter,
>
> At 21:37 2003-03-02 +1100, Peter Lavender wrote:
>  >Hi Everyone,
>  >
>  >As I currently understand it, the idea is to get my own key signed by
>  >others.  Once my key is signed by someone else, they export it
>
> They may export the signed key to a keyserver and anyone updating the k=
ey
> from the keyserver will learn about the new signatures. You may downloa=
d
> your own key with the new signatures from the keyserver as welll.

IMHO the signer should send the signed key to the owner and let the owner=
=20
decide if he wants the signatuer or not.=20

After a key signing party you may get a lot of signatures and the key own=
er=20
should decide wich signatures he will accept and upload.


Best regards

Thomas

>
>  >send it back to me, at which point I import it.
>
> And you should send your key to a keyserver to let everybody know about=
 the
> new signature.
>
>  >Now their signature
>  >is included when I sign emails.
>
> NO, their signature is not included when you sign. It's added to the pu=
blic
> key and is always visible, weather you sign something or not.
>
>  >This how the WoT works isn't it?
>  >
>  >It seems to make sence to me, otherwise if my key is signed and never
>  >sent to me, how will anyone else who recieves a signed email from me
>  >know who else trusts my signature?
>
> The receiver sets a trust according to first hand knowledge about your =
key
> or according to signatures from others he trusts. If the receiver hasn'=
t
> put any trust into your key he will get a message like "there is nothin=
g
> that implies that the key belongs to the owner".
>
>  >Pete
>
> Per Tunedal
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Yj8S2TqsmTFMxwkRAiRMAJ0Wm2t3RFDMP1RUMMqVlzZsOE1eygCfYVmk
jxjqRgGp0yjwDwa4/U06Eik=3D
=3DdV9j
-----END PGP SIGNATURE-----