Any value to duplicate signatures?
ben at adversary.org
Sat Mar 2 12:02:42 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 2/03/13 8:51 PM, Doug Barton wrote:
> On 03/02/2013 01:20 AM, Ben McGinnes wrote:
>> I can think of two reasons why there may be some value in
>> including the second signatures. The first being if you have
>> added a new UID to your key and the new signatures are now
>> applied to that.
> I should have been more explicit that this is not the case.
No doubt someone else will encounter that scenario and see the value,
though (my key acquired a new UID just the other day, though it won't
get as much use as this address).
>> The second being to show that the key is consistently under your
> But new signatures don't actually prove that, right? The person
> generating the signature could just as easily have uploaded it to
> the key server themselves. In this case that didn't happen, but
> the fact that new signatures appeared doesn't actually prove
I think it's more in the nature of circumstantial evidence, the
strength of which is determined more by the person doing the signing
and their policy regarding key signing. It can show a consistency of
control of the key and/or email address(es) associated with that key.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users