trust your corporation for keyowner identification?

Paul R. Ramer free10pro at gmail.com
Mon Nov 4 22:44:51 CET 2013


MFPA <expires2013 at ymail.com> wrote:
>Why do we need to establish they can also sign? Isn't it enough to
>demonstrate they control the email address and can decrypt, by signing
>one UID at a time and sending that signed copy of the key in an
>encrypted email to the address in that UID?

You are right.  Decryption is sufficient to demonstrate control of the private key, because if he can decrypt, he can also sign.  What I said, "decrypt and sign," was redundant.

Cheers,

--Paul
--
PGP: 3DB6D884



More information about the Gnupg-users mailing list