FAQ, take two

Charly Avital shavital at gmail.com
Mon Jun 4 22:39:15 CEST 2012

Robert J. Hansen <4FCC11F2.6050303 at sixdemonbag.org> June 4, 2012 4:22:54
PM wrote:


> Also, if there are any questions you feel are missing, throw them out
> too.  Thank you!

Section "4.7 How do I validate another person’s certificate?" does not
deal with what one should do once she/he has signed another person's
certificate (after completing the validation process).

I believe the etiquette is that the signed key block should be returned
to the certificate's owner, for her/him to do what he/she deems
convenient, e.g. upload it to a keyserver.

The signer himself/herself should not upload the sign key block to a key
server, or publish it in any other way, without the certificate's owner
explicit authorization or request.

That may be hair splitting and not etiquette, but I believe the issue
should be clarified. I have had at least two of my certificates signed
by someone with whom I had never gone through any kind of validation
process, or even discussed the possibility of such a process. The person
just signed my certificate and uploaded it to a keyserver.

End of rant.

More information about the Gnupg-users mailing list