Driving licence as identification and accepting signed keys
without exchanging encrypted data
Ingo Klöcker
kloecker at kde.org
Tue Jul 25 10:05:16 CEST 2006
Am Dienstag, 25. Juli 2006 08:43 schrieb Atom Smasher:
> On Mon, 24 Jul 2006, David Shaw wrote:
> > Note that there is a difference between what page at
> > http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning
> > says and what you say above. The page (correctly) notes that all
> > that is necessary is that the person *sign* the challenge before
> > sending it back to you. The page makes clear ("encrypted, if you
> > like") that encryption is optional here, and adds little to what
> > you are trying to prove. It doesn't matter if other people can
> > read the signed challenge or not. Of course, it doesn't hurt to
> > encrypt, so long as it is understood that it doesn't really help
> > either.
>
> ======================
>
> other than adding an extra step to the process, what is gained by
> signing a challenge instead of encrypting a key certification (key
> signature) to the recipient's public key?
Please (re-)read the recent thread (mentioned by David) where we
discussed this.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20060725/f3665bff/attachment.pgp
More information about the Gnupg-users
mailing list