Any value to duplicate signatures?

Doug Barton dougb at
Sat Mar 2 10:51:07 CET 2013

On 03/02/2013 01:20 AM, Ben McGinnes wrote:
| On 2/03/13 7:14 PM, Doug Barton wrote:
|> I am pretty sure the answer to this question is "no," but I
|> thought I'd ask just in case. I've attended a conference for the
|> last 2 years where there was a PGP key signing. Several of the
|> people who signed my key last year were present again this year,
|> and sent me signatures again.  The signatures are from the same
|> keys, same certification level, everything. The only thing
|> different is the date of the signature (obviously).
|> So the question is, what value, if any, would there be to
|> importing those signatures, and sending them out to the key
|> servers? I know that the various -clean options will strip that
|> down to the most recent, I'm just curious. :)
| I can think of two reasons why there may be some value in including
| the second signatures.  The first being if you have added a new UID to
| your key and the new signatures are now applied to that.

I should have been more explicit that this is not the case.

| The second
| being to show that the key is consistently under your control.

But new signatures don't actually prove that, right? The person
generating the signature could just as easily have uploaded it to the
key server themselves. In this case that didn't happen, but the fact
that new signatures appeared doesn't actually prove anything.

Thanks for your response in any case.
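
An added example, not part of the original post: a way to spot the repeated certifications discussed in this thread (same signing key, same user ID, different date) before deciding whether to import them. It assumes the field layout of GnuPG's colon-delimited listing (`gpg --with-colons --list-sigs`); the sample listing, key IDs, names and timestamps are constructed, and `superseded_certifications` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed sample in the shape of `gpg --with-colons --list-sigs` output.
# Key IDs, names and timestamps are made up for illustration.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
uid:u::::1300000000::0000000000000000000000000000000000000000::Example Owner <owner@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1300000000::::Example Owner <owner@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1330560000::::Signer One <one@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1330570000::::Signer Two <two@example.org>:10x:
sig:::1:BBBBBBBBBBBBBBBB:1362096000::::Signer One <one@example.org>:10x:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1300000000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1300000000::::Example Owner <owner@example.org>:18x:
"""

# RFC 4880 certification signature types (0x10 to 0x13), as hex strings.
CERT_CLASSES = {"10", "11", "12", "13"}


def superseded_certifications(listing):
    """Map (user ID, signer key ID) to the creation times of older duplicates."""
    seen = defaultdict(list)
    uid = None
    for line in listing.splitlines():
        f = line.split(":")
        kind = f[0]
        if kind in ("pub", "sub"):
            uid = None  # signatures that follow are not attached to a user ID
        elif kind == "uid" and len(f) > 9:
            uid = f[9]  # field 10: user ID string
        elif kind == "sig" and uid is not None and len(f) > 10:
            # field 5: signer key ID, field 6: creation time, field 11: class
            if f[10][:2] in CERT_CLASSES:
                seen[(uid, f[4])].append(int(f[5]))
    result = {}
    for key, stamps in seen.items():
        if len(stamps) > 1:
            stamps.sort()
            result[key] = stamps[:-1]  # everything except the newest
    return result


if __name__ == "__main__":
    for (uid, signer), old in superseded_certifications(SAMPLE).items():
        print(f"{signer} certified {uid!r} more than once; older: {old}")
```
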


More information about the Gnupg-users mailing list