Non email addresses in UID
ekleog at gmail.com
Tue Jan 28 20:13:30 CET 2014
On Fri, Jan 24, 2014 at 11:08:16PM +0000, Steve Jones wrote:
> Finally there's the possibility of explicit verification, if someone
> sends me a challenge and I publish that challenge's signature on my
> blog then that verifies that I am in control of that private key and
> can publish to that blog.
Wouldn't it be better to publish unencrypted (and unsigned) a challenge received
encrypted? As signing unknown data should be avoided, as noone knows whether
this data won't ever have a real meaning one does not intend to mean.
Hope this message is not syntactically flawed to the point of being meaningless,
More information about the Gnupg-users