explain nrsign & lsign?
David Shaw
dshaw at jabberwocky.com
Sun Jan 28 21:00:08 CET 2007
On Sun, Jan 28, 2007 at 11:20:18AM -0800, snowcrash+gnupg-users wrote:
> > YES, this would do it;
>
> ok. thanks.
>
> > however, proper etiquette would be to *not* send
> > B's Key to the Servers, but rather to returned it 'Signed' to B and let
> > B make any 'publication' decisions/actions.
>
> understood.
>
> > There are folks who are
> > _very_ picky about their Keys being in General Circulation!
>
> that said, is there any reason NOT to (or, any advantage to ...):
>
> *l*sign "B" with "A", and, therefore, NOT distribute "A" to the
> keyservers &/or via export -- and, instead, reference the "A"
> trust-ing-pubkey @ a web page?
No, there is no point in doing this as the main point of signing a key
is so that GnuPG (or PGP) can use the signature in its trust
calculations to decide if a given key is valid or not. If you post
your signature values on a web page somewhere (presumably in a human
language), GnuPG can't read it and understand it, and so that
information is not usable.
David
More information about the Gnupg-users
mailing list