Signing a key (meaning)

Charly Avital shavital at mac.com
Thu Apr 7 18:06:49 CEST 2011


Kevin wrote the following on 4/7/11 9:49 AM:
> If nothing else, it
> establishes that you have some kind of relationship with the owner of
> the key you signed. It may establish that you and he/she were in a
> specific place at a specific time (e.g. a keysigning party), etc. The
> words "no information" must be used with great care, because information
> leaks out of every pore in even the best crypto-systems. Whether that
> information is valuable or useful in some way, to a third party, is
> another matter.

In another forum, one of the members signed my public key and uploaded
it to the keyservers with his/her signature, without asking or
notifying me (the key was already on the key servers, but without this
added signature).

I didn't invite this person to sign my key.

I don't know this person, never met her/him, never had any contact
except the fact that we both participate in the same forum, together
with other members.

I decided against asking this person to revoke the signature.
I generated a new key pair (that I don't intend to upload to any key
server, but instead I shall send it directly to people whom I correspond
with), and I shall gradually "phase-out" the previous key, until I
finally revoke it.

Yes, I know. Paranoia.

Charly





More information about the Gnupg-users mailing list