key-signing for pseudonyms

Atom 'Smasher' atom-gpg at
Sat May 15 23:17:02 CEST 2004

Hash: SHA1

after reviewing some how-to guides for key-signing parties, they
universally seem to skip any address verification!?!

according to the current how-to guides for a key-signing party, someone
could show up with ID that says "osama bin laden" and a key with my email
address.... the ID checks out with the name on the key-id, and
everything's fine; people sign osama bin laden's key with my email
address... and then the FBI comes knocking on my door.

maybe that's a stretch, but shouldn't confirming an email address be just
as important as confirming a real name? the address could be incorrect
either by accident or malice.


 PGP key -
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

	"If a nation values anything more than freedom, it will lose
	 its freedom; and the irony of it is that if it is comfort
	 or money it values more, it will lose that, too."
		-- W. Somerset Maugham
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -


More information about the Gnupg-users mailing list