revoked key - was: Re: key-signing for pseudonyms
johanw at vulcan.xs4all.nl
Sun May 23 06:09:50 CEST 2004
Jerry Windrel wrote:
>Alice publishes her legitimate public key. Mallet can obtain Alice's
>public key, replace Alice's name with his own (i.e. Mallet),
He will not be able to self-sign that ID.
>then go to a key signing or notary, etc. and show his I.D. along with the
>public key's fingerprint. Thus he could get lots of signatures attesting
>that Alice's public key really belongs to Mallet.
Without a self signature I wouldn't trust it. And I would not trust
signatures made by notaries who sign non-selfsigned keys, they indicate
the notary in question doesn't know what he's doing.
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users