can someone verify the gnupg Fingerprint for pubkey?

Robert J. Hansen rjh at sixdemonbag.org
Thu Jun 7 18:52:56 CEST 2012


On 6/7/12 12:32 PM, Werner Koch wrote:
> That is actually a bit funny: I never asked anyone to sign that key. 
> Probably they deduced the correctness from my regular key which I
> used to sign the above key.  That is not a surprise; I have seen
> many signatures on my keys from people I never met.

Perhaps it would be worthwhile to add a question to the signing process:
"Have you met this person face-to-face and verified his/her identity?
(y/N)"  If the user answers no, display a warning that the user probably
wants to lsign, not to sign, and give the option of making an lsign instead.

It might cut down on certifications such as these...



More information about the Gnupg-users mailing list