Key signing...

markus_kampkoetter markus_kampkoetter@t-online.de
Mon Mar 3 13:32:01 2003


(snip)
> Am Sonntag, 2. März 2003 20:01 schrieb Per Tunedal:
> > Hi,
> >
> > At 18:27 2003-03-02 +0100, you wrote:
> >  >Am Sonntag, 2. März 2003 13:43 schrieb Per Tunedal:
> >  >> Hi Peter,
> >  >>
> >  >> At 21:37 2003-03-02 +1100, Peter Lavender wrote:
> >  >>  >Hi Everyone,
> >  >>  >
> >  >>  >As I currently understand it, the idea is to get my own key signed by
> >  >>  >others.  Once my key is signed by someone else, they export it
> >  >>
> >  >> They may export the signed key to a keyserver and anyone updating the
> >  >> key from the keyserver will learn about the new signatures. You may
> >  >> download your own key with the new signatures from the keyserver as
> >  >> welll.
> >  >
> >  >IMHO the signer should send the signed key to the owner and let the owner
> >  >decide if he wants the signatuer or not.
> >  >
> >  >After a key signing party you may get a lot of signatures and the key
> >  > owner should decide wich signatures he will accept and upload.
> >  >
> >  >Best regards
> >  >
> >  >Thomas
> >
> > Unfortunately the key owner cannot decide on what signatures to "accept" as
> > anyone can sign a key and anyone can send the signed key to a key server.
>
> You are right. It's unfortunately not possible to hinder somebody to sign my 
> key and updateing a key-server.
>
> If someone signs my key, sends it back to me then I can decide to ignore the 
> signing or to import it into my keyring and send it to the keyserver myself.
>
> I think it's a question of courtesy not to send foreign keys directly to the 
> key-server.

well, its a public key. and: i would not sign a key easily, that means without 
knowing the behavior of the owner (thats where i can use the local signing 
option). and if i (believe to) know his or her behavior, then its not very 
"foreign". and in case i know that you don t want me to upload your key (signed 
by me) to the keyservers of course i wouldn t ;)
OTOH, the principle is what Per said.

> Thomas Arend
> >
> > It's up to you to decide which signatures to trust. If a key that is new to
> > you is signed by several others you might be lucky to find it signed by
> > someone you trust. That's the WOT.
> >
> > Per Tunedal

regards
--
markus kampkoetter