Obtaining sig2 and sig3 signatures

Stefan Claas stefan.claas at posteo.de
Tue May 30 21:25:24 CEST 2017


Hi all,

While I am not new to GnuPG, I must admit that I did not use it very often,
and when I had signed/encrypted email communications I usually had the
"Untrusted Good Signature" from person x,x,z, because I am not a member
of the classic Web-of-Trust. So far so good. I'm interested in your
thoughts (especially from people living in Germany) about the following:

A couple of days ago I came across the CA Service of Governikus KG at:

https://pgp.governikus-eid.de/pgp/

where I obtained a sig3 signature for my new pub key:

pub   2048R/82EC52B4 2017-05-26 [verfällt: 2021-05-26]
  Schl.-Fingerabdruck = 2BAF 85F9 281A BD54 3823  C7C5 981E B7C3 82EC 52B4
uid       [ uneing.] Stefan Claas <stefan.claas at posteo.de>
sub   2048R/64C48933 2017-05-26 [verfällt: 2021-05-26]

I also received my X.509 classIII certificate from the "Volksverschlüsselung"
initiative from Fraunhofer SIT:

https://www.volksverschluesselung.de

Additionally, I have a reset Keybase account, due to the upload of my new
pub key, where people could have seen that I had a Facebook, Twitter
and GitHub proof there, and I am running the PGP/GnuPG Forum at Facebook.

Let's assume we would exchange signed emails (PGP/SMIME): would these proofs
be enough for you to warrant a sig2? And for a sig3 an additional video
conference?

The classical procedure would be to sign a key with a sig3 after seeing
the person's ID card in a real meeting. But who guarantees that the
ID card is not fake (if the person is a complete stranger)?

Please note, I don't want to ask people here to sign my pub key, I just
want to know what your thoughts are. :-)

Regards
Stefan


