Driving licence as identification and accepting signed keys without exchanging encrypted data

Ingo Klöcker kloecker at kde.org
Tue Jul 25 10:05:16 CEST 2006

Am Dienstag, 25. Juli 2006 08:43 schrieb Atom Smasher:
> On Mon, 24 Jul 2006, David Shaw wrote:
> > Note that there is a difference between what page at
> > http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning
> > says and what you say above.  The page (correctly) notes that all
> > that is necessary is that the person *sign* the challenge before
> > sending it back to you.  The page makes clear ("encrypted, if you
> > like") that encryption is optional here, and adds little to what
> > you are trying to prove.  It doesn't matter if other people can
> > read the signed challenge or not. Of course, it doesn't hurt to
> > encrypt, so long as it is understood that it doesn't really help
> > either.
> ======================
> other than adding an extra step to the process, what is gained by
> signing a challenge instead of encrypting a key certification (key
> signature) to the recipient's public key?

Please (re-)read the recent thread (mentioned by David) where we 
discussed this.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20060725/f3665bff/attachment.pgp

More information about the Gnupg-users mailing list