trust your corporation for keyowner identification?

Paul R. Ramer
Mon Nov 11 18:56:15 CET 2013

Leo Gaspard <ekleog at> wrote:
>However, to come back to the initial problem, I still believe the key
>problem (i.e. owner of K1 switches to K2) does not require re-verifying
>etc. (BTW, isn't this also why transition statements, like
> were written ?)
>But I still wonder how one should deal with key duplication (i.e. owner
>of K1 now has a second key K2)...

I would verify ownership before signing.  Just as I would read a document before signing it even if I was told what was in it by someone I know.

It is not hard to do and it would be easy to justify. The other way, IMO, requires more effort to justify.

There is nothing special about this scenario that makes it require less thoroughness than any other key signing scenario.  Do things thoroughly and correctly.  It is that simple.


PGP: 3DB6D884

