key-signing for pseudonyms

Greg Sabino Mullane greg at turnstep.com
Mon May 17 01:55:32 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
 
> so, if i'm at a conference and i want to exchange key signatures with
> people, i can prove that i currently control this email address and key by
> sending some secrets back and forth.... not a problem... but if i want to
> "prove" that i'm atom smasher...?? that could be tough...
 
I probably would not sign the key of someone who had only signed it with
a pseudonym, as a couple of forms of picture IDs (esp. government-issued)
are usually a minimal requirement for me.
 
As far as the email, perhaps it should be mentioned more strongly in the
documentation, but how else are you going to get the signed key
back to the person? I always do this by email - if they don't control
the email, they don't get my signature on their key*. Some people upload
keys automatically to a keyserver after signing of course, but this
is not only rude (if the recipient does not want their key put there)
but dangerous, as it bypasses the email check.
 
> in any case, i'm still looking for suggestions on proving a
> pseudonymous identity....
 
I think the best you can get is an email validation. There is little
else that can be proved or disproved if the rest of the uid is
just an arbitrary name with no real-world connection. Maybe if
you had an ID with "Adam S. Masher"? :)
 
* Nor do they get it unless they sign mine as well!
 
- --
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200405161955
 
-----BEGIN PGP SIGNATURE-----
 
iD8DBQFAp//SvJuQZxSWSsgRAmrOAJ0YBZMJj++dvq25pyJZ/cts45dD4ACg4r/6
AG+qf+ZaJnkrFYTNJHnmxoI=
=qbL6
-----END PGP SIGNATURE-----




