key question

Robert J. Hansen rjh at
Fri Feb 26 17:24:22 CET 2010

On 2/26/10 9:49 AM, MFPA wrote:
> I thought signing somebody's key was just stating to the world that
> you believe the claimed identity of the person who controls that key
> at the time you are signing it - not an indication that you are in any
> way "associated."

I'm scratching my head here trying to figure out how you can reasonably
affirm the claimed identity of the person who controls the key if you
are in no way associated with them.

A signature on a key says, "I believe this key really corresponds to
this person."  But if you have no association whatsoever with that
person, how can you make a signature?  The existence of the signature
necessitates at least *some* association.

Even a trusted timestamp service that makes signatures without any human
intervention makes an association claim: "at this date and time, someone
sent this document to me for signing."

More information about the Gnupg-users mailing list