key question

[David Shaw]

On Feb 26, 2010, at 4:03 PM, MFPA wrote:

> Not including your name or your email address in the UID offers
> protection against the accidental upload scenario. But somebody could
> still generate a key with a UID suggesting nefarious activities, sign
> your key with it, and upload it. Or their UID could simply identify
> whose was the key with the obfuscated UID.

The nefarious UID signature is not uncommon.  There are many "president at whitehouse.gov" keys (and other famous figures) that have signed well-known keys.  It's just easily-ignored noise, though, and has no impact on the web of trust.

David