Any value to duplicate signatures?

Doug Barton dougb at dougbarton.us
Sat Mar 2 10:51:07 CET 2013


On 03/02/2013 01:20 AM, Ben McGinnes wrote:
| On 2/03/13 7:14 PM, Doug Barton wrote:
|
|> I am pretty sure the answer to this question is "no," but I
|> thought I'd ask just in case. I've attended a conference for the
|> last 2 years where there was a PGP key signing. Several of the
|> people who signed my key last year were present again this year,
|> and sent me signatures again.  The signatures are from the same
|> keys, same certification level, everything. The only thing
|> different is the date of the signature (obviously).
|
|> So the question is, what value, if any, would there be to
|> importing those signatures, and sending them out to the key
|> servers? I know that the various -clean options will strip that
|> down to the most recent, I'm just curious. :)
|
| I can think of two reasons why there may be some value in including
| the second signatures.  The first being if you have added a new UID to
| your key and the new signatures are now applied to that.

I should have been more explicit that this is not the case.

| The second
| being to show that the key is consistently under your control.

But new signatures don't actually prove that, right? The person
generating the signature could just as easily have uploaded it to the
key server themselves. In this case that didn't happen, but the fact
that new signatures appeared doesn't actually prove anything.

Thanks for your response in any case.

Doug


