What policy for signing keys do you use?
Thorsten Haude
linux at thorstenhau.de
Wed Dec 28 23:04:37 CET 2005
Hi,
* Thomas Widhalm wrote (2005-12-28 22:50):
>So how do you deal with signatures? Is it irresponsible signing keys just with
>because of them being on a website with a fingerprint? Is it sufficient if
>you give "haven't checked anything" or "checked marginally" while signing. Or
>is this just for the local trustdb?
Nope, only sign what you *know*. If the data you mentioned above (key
ID, fingerprint) is freely available on a website, everyone can get it
and there is no point in signing it.
I'm only talking about non-local signatures of course. Locally, do
whatever makes you smile the most.
>What about keys without real names but just nicknames?
No signature from me unless I know them personally.
(Not looking forward to yet another absence mail from this Kramer guy.
Could he *please* thrown off the list?)
Thorsten
--
I was amazed today to find out how much Windows
can actually be used for useful things.
- Donald E. Knuth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051228/007183f7/attachment.pgp
More information about the Gnupg-users
mailing list