Is self-signing necessary? Basic questions.
Hauke Laging
mailinglisten at hauke-laging.de
Sun Jan 2 18:04:53 CET 2011
Am Sonntag 02 Januar 2011 13:27:23 schrieb MFPA:
> 2. What statement would such a signature actually be making?
The same statement like a signature of a useless UID (without useful name and
email address) like "fubar". Leaving out a useless UID can hardly change
anything.
The formal statement is "I had access to this key and I had some reason to
sign it". As with signing normal UIDs the real statement does not come from
the signature itself but from the certification level statement and the
certification policy which is described in a signed document (signed by the
certifiers of the key, too...) whose URL is contained in the signature... (see
--cert-policy-url).
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110102/0b2b37e7/attachment.pgp>
More information about the Gnupg-users
mailing list