trust your corporation for keyowner identification?

Paul R. Ramer free10pro at
Wed Nov 6 02:32:38 CET 2013

>On Tuesday 5 November 2013 at 11:03:19 PM, in
><mid:52797937.5090404 at>, Paul R. Ramer wrote:
>> But if you sign it with an exportable
>> signature, you are saying to others that you have
>> verified the key.
>In the absence of a published keysigning policy, isn't that an

Signing is to be an attestation to the validity of the key.  But, yes, in absence of a keysigning policy (or in some other way of knowing how that person signs keys) it is just an assumption as to what that signature means.

I would not assume what the value of a signature is without knowing how that person signs keys, and I would still need to believe that person's methods are acceptable to me.


PGP: 3DB6D884

More information about the Gnupg-users mailing list