explain nrsign & lsign?

John W. Moore III jmoore3rd at bellsouth.net
Sun Jan 28 20:49:47 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

snowcrash+gnupg-users wrote:

> that said, is there any reason NOT to (or, any advantage to ...):
> 
> *l*sign "B" with "A", and, therefore, NOT distribute "A" to the
> keyservers &/or via export -- and, instead, reference the "A"
> trust-ing-pubkey @ a web page?

There is somewhat constant debate over the best method.  Many believe
that Email addresses are 'harvested' from the Servers by bots intent on
increasing the Spammers database.  Many others argue that they haven't
been affected by /increased/ Spam and not publishing to the Servers
negates the ability to Verify a Sig from a Key not currently existing on
the recipients Keyring.  When the Key is on the Servers the 'automatic'
Key Retrieval options in GnuPG & PGP handle this situation quite nicely.

I use both methods.

JOHN :-\
Timestamp: Sunday 28 Jan 2007, 14:49  --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-svn4405: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: My Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJFvP5ZAAoJEBCGy9eAtCsP3FIH/16WFiom1EAzMTLiowr5XjDP
U5DRnqLNnVDhpGZQeSl6N+F95fN9Y5IP12+WrHDXhmrEI4SERJvk7y/TPwG78D55
W2hrgjnp8I5ibRUfzIEkOoxadOz8vrMi3yg1AyPwpYXNBknewg0BhEpwYGfZqX/8
80kNIg00VsW9+y4CZogzsRSC6KryCUQxgHdiFquyret/gmyj3e6+nyc3zQKQP38J
jzhel0LyLx05CUBeKc4VsBmNwLuCKu4kGON2liS8Rm2wAFnJzmKehLsYbEgkeduq
xiTPcUkjHTojJ+tVkYnf8F00Hwc3Kzb99+FSZ0abRazXQf9fV4bhkDVSZRL1dGg=
=gEkF
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list