What policy for signing keys do you use?

Thorsten Haude linux at thorstenhau.de
Wed Dec 28 23:04:37 CET 2005


* Thomas Widhalm wrote (2005-12-28 22:50):
>So how do you deal with signatures? Is it irresponsible signing keys just 
>because of them being on a website with a fingerprint? Is it sufficient if 
>you give "haven't checked anything" or "checked marginally" while signing? Or 
>is this just for the local trustdb?

Nope, only sign what you *know*. If the data you mentioned above (key
ID, fingerprint) is freely available on a website, everyone can get it
and there is no point in signing it.

I'm only talking about non-local signatures of course. Locally, do
whatever makes you smile the most.

>What about keys without real names but just nicknames?

No signature from me unless I know them personally.

(Not looking forward to yet another absence mail from this Kramer guy.
Could he *please* be thrown off the list?)

I was amazed today to find out how much Windows
can actually be used for useful things.
    - Donald E. Knuth