Privacy Implications Of Signing Keys
alphasigmax at gmail.com
Sat Jun 18 06:52:29 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
> Not to mention that anyone can sign keys, independant of the will of the
> key's owner. (I think a protocol to actually remove unwanted sigs from a
> key may be useful. (ie, a way to have the removal propagated by the
> keyservers)) For instance, a friend of mine apperently signed my key
> with a couple nonsense keys he generated just to emphasize the point.
Yes, signatures on a key should probably be revokable by the keys owner.
But it would take a newer version of the OpenPGP standard for this to
happen. Anyway, a signature on a key means nothing whatsoever unless you
happen to trust the key that issued the signature, so unless you
countersigned the key that signed yours, there is a high degree of
OpenPGP key: 0xF874C613 - http://tinyurl.com/cc9up
There are two kinds of people: those who say to God, 'Thy will be done,'
and those to whom God says, 'All right, then, have it your way.' - C. S.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users