How to get your first key signed

Anthony Papillion anthony at cajuntechie.org
Fri Oct 2 07:01:25 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/1/2015 11:51 PM, Guan Xin wrote:
> On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen
<rjh at sixdemonbag.org> wrote:
<snip>
>> So sure, yes, without identity verification it's hard to have
confidence
>> in someone's legal identity, absolutely.  But even with identity 
>> verification, most people don't even bother to check to see that
>> the signing certificate's email address matches the one on the
>> email.
> 
> It's sad to hear that anyone takes it seriously to check that a
> certificate's email address matches the originating mail address. 
> This really messes things up in the sense that it causes additional
> inconvenience with little benefit.

Sorry to just jump in here but I've been following the conversation
and this caught my eye. While checking the email address associated
with a key might not /always/ be useful (like in the case of IM, fax,
etc), it /can/ help provide 'evidence' that a key might have been
compromised. If I receive an email from an email address that is
different from that on the key, the very first thing I would do is
email the key holder at their known address and ask what's up. It
could very well be a case where the key has been compromised but the
email address hasn't and the key holder doesn't know.

Anthony

- -- 
Phone:     +1.845.666.1114
Skype:     CajunTechie
SIP/VoIP:  17772471988 at in.callcentric.com
PGP Key:   0x53B04B15
Fingerprint: C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJWDg+lAAoJEAKK33RTsEsVyd8QALMR+iKmKl9bKK1oib+pi9qa
s5H+q9wohsj51bPU89VakTvc7vQQFssO1HdnATk3vSDpfUX0NQCyDhZd8Qw6Wijd
LCjRoyuY3SKvoWUww4iklHofVzGrATUU4EHyz9u6m6X1V9bsNPLiwbnZPr+vp/08
Xte8YmZs0z9yRJl2aclySutQa7oLbiHD8iuU++4Kj2q5g8fy/Hi6Kz1A3/j1zXLd
S5TxIWzYqlbt/4IpIdJmcgP0WwKkINwzBW0yAx9+JWflJ57B81oWdXYXN2QRMraZ
JKQgD0KVjHt1HuD2k3gTZKAdqPU22LI3rAk9yQu1AgAYmAFdGx1MpjLxvhkBnQBk
+uEhmCNh0x/g7RM9GKjPYTKkEI2VLlsw3MfTE44RJJyH5NexJZkqV0/7JAF5EWI+
QX7PsPOKQZb0CpK2zWvvFFKmLS46Val54O+2iBw5pmh64733/htEhXoHILHhE18+
CSfa+mWMZkxcZvehZkZAf1jKveKPy1sl2nfu9C804tufCN8QRt2/YgxTJJhVUwSk
rsIXPy80PS/DilPt4exp9cZ6loytzPd43BVPalSmP8UvyP5CFH8zgw/wKoqwiVyu
4oeZwH1lFdsM/b2R0TBZ2a/jkVDpgEFBthCCA2s6EniCmcjr2og1tdT8E91uU84d
2cSDFlQ3W2Y6KtnOVNEm
=oVTg
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list