key-signing for pseudonyms

Thomas Sjögren thomas at northernsecurity.net
Tue May 18 23:35:08 CEST 2004


On Tue, May 18, 2004 at 03:10:19PM -0400, Atom 'Smasher' wrote:
> do you mean only the owner of the key can decrypt?
> or only the owner of the key can use?

i used the term holder (which might be the incorrect word, sorry about
that) since the secret key could be stolen. owner, which hopefully is the creator 
of the key pair, has the same meaning. sorry for the confusion.

> if you mean the latter, then it serves no purpose in the web of trust.

you're right, using a signature type only viewable by the signer and
the person whose key have been signed will break the WoT. It will
however make the creation of sociograms based on the info available on
available key servers impossible.

> or... do you mean i signature that's not easily traced back to the signer?
> in which case, one could generate keys all day long, use them to sign
> their dubious key... which would seem to only pollute the web of trust.

you could generate keys all day long and pollute the web of trust now if
you wanted to. there wouldn't be much difference.

/Thomas
-- 
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040518/3531de6e/attachment.bin


More information about the Gnupg-users mailing list