key-signing for pseudonyms

Atom 'Smasher' atom-gpg at
Sat May 15 18:25:11 CEST 2004

here's a thought....

let's say i meet someone and their key-name is a pseudonym. we want to
sign each other's keys, but i have no idea who this person is.

we can generate a random string (while face-to-face) and each write that
down on paper (taking precautions that this shared secret remains secret).
later, i generate (by myself) a second random string and email it to them,
encrypted and signed. when they mail me back both strings, encrypted and
signed, i sign their key and send it back encrypted (and delete my local
copy of their key signature). when the signature appears publicly, can
there be much doubt that i'm dealing with the same person i met?

if both of us are using pseudonyms, we agree on two random strings when we
meet... one string is their secret that they confirm with me, the other is
my secret that i confirm with them.

how secure (trusted?) is such a protocol?

what level of trust (signature) would this earn?

in such a situation, what disclaimers might someone use in a policy-url?


 PGP key -
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

	"The hottest places in hell are reserved for those who in
	 times of great moral crises maintain their neutrality."
		-- Dante Alighieri (1265-1321)
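
The checks the signer could run on the reply before certifying the pseudonymous key, as an added example that is not part of the original post. It assumes GnuPG has already decrypted the reply and reported the fingerprint of the key that made a valid signature on it; the function names, the single-use rule and the seven-day limit are assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass

MAX_AGE = 7 * 86400  # assumption: a challenge is good for seven days


def normalize(fpr):
    """Fingerprint without spaces, upper case, so formats compare equal."""
    return "".join(fpr.split()).upper()


@dataclass
class Challenge:
    fingerprint: str     # key that was presented at the meeting
    meeting_secret: str  # string both parties wrote down face-to-face
    nonce: str           # second string, mailed later encrypted and signed
    issued: float        # time the nonce was mailed (seconds)
    used: bool = False


def new_challenge(fingerprint, meeting_secret, now):
    """Create the second random string for one key (hypothetical helper)."""
    return Challenge(normalize(fingerprint), meeting_secret,
                     secrets.token_urlsafe(24), now)


def _same(a, b):
    # constant-time comparison of the two strings
    return hmac.compare_digest(a.strip().encode(), b.strip().encode())


def may_sign(ch, signer_fpr, reply_secret, reply_nonce, now):
    """signer_fpr: fingerprint GnuPG reported for the valid signature on the
    decrypted reply. Returns (ok, reason)."""
    if ch.used:
        return False, "challenge already used"
    if now - ch.issued > MAX_AGE:
        return False, "challenge expired"
    if normalize(signer_fpr) != ch.fingerprint:
        return False, "reply signed by a different key"
    ch.used = True  # assumption: one comparison per challenge, pass or fail
    ok = _same(reply_secret, ch.meeting_secret) & _same(reply_nonce, ch.nonce)
    return (True, "ok") if ok else (False, "string mismatch")
```

A passing result shows only that whoever controls the key also holds the string exchanged in person; it says nothing about the legal identity behind the pseudonym.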

