trust your corporation for keyowner identification?
Paul R. Ramer
free10pro at gmail.com
Mon Nov 4 22:44:51 CET 2013
MFPA <expires2013 at ymail.com> wrote:
>Why do we need to establish they can also sign? Isn't it enough to
>demonstrate they control the email address and can decrypt, by signing
>one UID at a time and sending that signed copy of the key in an
>encrypted email to the address in that UID?
You are right. Decryption is sufficient to demonstrate control of the private key, because if he can decrypt, he can also sign. What I said, "decrypt and sign," was redundant.
More information about the Gnupg-users