How to get your first key signed

Faramir faramir.cl at gmail.com
Sat Oct 3 01:10:38 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 01-10-2015 a las 5:33, Bob Henson escribió:
...
> Authority key, say. But a signature of any person's key that you
> have not met and positively verified is worse than useless as it
> degrades the whole trust process. Someone who I had never
> previously even heard of once signed my old, now revoked key - were
> that person someone "known" to be nasty, it would have degraded my
> key's value. The best it could have been is totally meaningless.

  I think it is a mistake to consider a signature can degrade a key's
value. After all, we CAN'T prevent people from signing our keys,
unless we try to keep them off the keyservers. But keys tend to end in
keyservers (probably they feel lonely and want to gather with their
peers). And bogus signatures from bogus keys don't weaken the WoT,
since a bogus key is not signed, so the signatures are meaningless. Of
course these signatures increase the public key size, but you can
distribute a clean copy of your key to your peers.

  Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJWDw7uAAoJEMV4f6PvczxA39cIAKXhYP5iN+LFP3Fhj+n+b55S
4KXY6D0P0JV4DZYa6kN4duAn9jigM87xOrL4NiCbK+42wg4FkgZioIDxLJzV2C1L
8LQGxNWPfSgO0kbGQKyzsMkcsnc3HMLyiE5MnRH3jiq5arb+gQfO57YaMNRl6JdS
ENpVM7GtxMoloFHZ9dJdhhv8IEqxHnoW3WkvbRZMfgiedj7YKcLDqADgqJ94fzMc
HF280jXWKLbZHZhbp2XdopknzEGZqc02EZ4RBeAHse/jYPShyUfX3mJ/37jriVon
sbZpzLHzxbMlzGVT8+zBzB34ei8ftb0dYaxk5FM7P4MNwycf5y5qaLDiGpT3PFI=
=nKXX
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list