Signing a key (meaning)

MFPA expires2011 at
Sat Apr 9 14:26:38 CEST 2011


On Friday 8 April 2011 at 11:58:09 PM, in
<mid:20110408225809.156930 at>, Jan Janka wrote:

>>But the e-mail access control check *does* protect
>>against the attack scenario where at the time of
>>keysigning, Eve does *not* have access to Bob's inbox.

> Yes, but the fingerprint check already protects against
> that, so why do we need another check?

Please describe how checking key fingerprints is in any way related to
email addresses.

My understanding is that there is a three-point check:-

1. checking the fingerprint to ensure you have the correct key.
2. checking identity documents to ensure it is the correct person.
3. sending an encrypted message to ensure somebody controlling that
   key can receive emails at that address.

> 1. John tells me john at
> 2. I believe him he has access to john at (see former email).
> 3. I find keys on the server by looking for john at
> 4. I choose "John Smith <john at>", because I know his name.
> 5. I make a fingerprint check on the phone (I know his voice).
> 6. I sign the key.
> 7. I upload the signed key to the keyserver.

Number 7 is a very rude thing to do. Much better to email the signed
key to John Smith and let him decide whether or not to publish it with
your signature on it.

Better still to encrypt that message to the key you have just signed,
so that only a person in control of that key has access to the copy
bearing your signature. Then delete the exportable signature from your
own copy of that key and replace it with a local signature, so that
you don't accidentally send it to a server bearing your signature,
potentially against John Smith's wishes.

--
Best regards

MFPA                    mailto:expires2011 at

ETHERNET(n): device used to catch the Ether bunny

