Sign key and export for each UID

Doug Barton dougb at dougbarton.us
Thu Sep 19 04:35:02 CEST 2013


On 09/18/2013 04:14 PM, MFPA wrote:
| Hi
|
|
| On Monday 16 September 2013 at 9:20:45 PM, in
| <mid:CA+4dSw6Ct3buQPp-04+37O0bfCF6XAQOZvFh+xEhayWg3kFtAg at mail.gmail.com>,
| Pete Stephenson wrote:
|
|
|> I consider UIDs
|> corresponding to no-longer-functioning email addresses
|> to be invalid and won't sign them as I have no idea if
|> the keyholder is the actual owner of that address.
|
| Doesn't the CAFF method (emailing the key with your signature on just
| one uid in an encrypted message to the email address in that uid) take
| care of that for you? Unless the same person has access to
| both the secret key and the email address, they don't have access to
| your signature on that uid.

The issue for me is the "cleanliness" and accuracy of my local key ring
(as I pointed out in a previous message in this thread). I don't like
what either CAFF or Pius do: leave signatures that I consider "bogus" on
my local copy of the key, or rely on the user to upload the signatures
so that I can get them back after a refresh.

Doug