Delete key from keyserver

zvrba at zvrba at
Sun Oct 23 09:15:51 CEST 2005

On Sat, Oct 22, 2005 at 10:14:58PM +0100, Neil Williams wrote:
> ? That key has NO signatures other than yourself! There's no way anyone can 
> trust it. There are NO paths.
It does, look at:

Both are signed by my master key which in turn is signed by a friend. My
scheme is having one "master key" and then I get people to sign that
master key, which I in turn use to sign my other ad-hoc keys.

To avoid further confusion, the key is signed by zeljko.vrba at

> Sorry to hear that but how hard have you tried? Have you travelled to 
Now I'm going to hide.. in fact, not. I tried finding someone while
writing the previous mail and.. well, I've succeeded.

> Keysigning is testifying to the world that you have verified the person, the 
> fingerprint and the email.
I'm aware of that.

> If you want a formalised external method of identity verification, consider 
> using x.509 and people like Thawte will provide an alternative to GnuPG's 
> personal (face-to-face) methods.
Actually, at one point in time I did think about getting myself a "real"
X.509 certificate and use it as "my own CA" certificate by which I sign
my other ad-hoce keys as I see fit. The thing I don't like about commercial
X.509 certificates is their short lifetime. It's a pure ripoff and no-work
money generator for the CA, after you get your 1st certificate.

I have yet to play a bit with gpgsm and see how well can you mix PGP and
X.509 keys. I.e. can I use my X.509 cert to sign other people OpenPGP keys?
Can I at least re-use the X.509 private key for my own OpenPGP key?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051023/19a26881/attachment.pgp

More information about the Gnupg-users mailing list