Key signing...
Thomas Arend
Thomas.Arend@t-online.de
Sun Mar 2 21:38:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday, 2 March 2003 20:01, Per Tunedal wrote:
> Hi,
>
> At 18:27 2003-03-02 +0100, you wrote:
> >On Sunday, 2 March 2003 13:43, Per Tunedal wrote:
> >> Hi Peter,
> >>
> >> At 21:37 2003-03-02 +1100, Peter Lavender wrote:
> >> >Hi Everyone,
> >> >
> >> >As I currently understand it, the idea is to get my own key signed by
> >> >others. Once my key is signed by someone else, they export it
> >>
> >> They may export the signed key to a keyserver and anyone updating the
> >> key from the keyserver will learn about the new signatures. You may
> >> download your own key with the new signatures from the keyserver as
> >> well.
> >
> >IMHO the signer should send the signed key to the owner and let the owner
> >decide if he wants the signature or not.
> >
> >After a key signing party you may get a lot of signatures and the key
> >owner should decide which signatures he will accept and upload.
> >
> >
> >Best regards
> >
> >Thomas
>
> Unfortunately the key owner cannot decide on what signatures to "accept" as
> anyone can sign a key and anyone can send the signed key to a key server.
You are right. It's unfortunately not possible to hinder somebody from signing my
key and updating a key-server.
If someone signs my key and sends it back to me, then I can decide to ignore the
signing or to import it into my keyring and send it to the keyserver myself.
I think it's a question of courtesy not to send foreign keys directly to the
key-server.
Thomas Arend
>
> It's up to you to decide which signatures to trust. If a key that is new to
> you is signed by several others you might be lucky to find it signed by
> someone you trust. That's the WOT.
>
> Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+YmvS2TqsmTFMxwkRAi+vAKC36LFuUmn0m96ssH696DuTSfQUkgCdHzYq
wDK8tno6mjXFm+EhXaaq+B0=
=0F25
-----END PGP SIGNATURE-----