Michael C. Toren on Mon, 6 May 2002 00:00:36 -0400

> The problem with this is that it doesn't show the user's other uids,
> which really should be verified and signed separately. (Shouldn't
> they?)

When I did it for the last Netaxs meeting, I did it by hand, and was careful not to snip UIDs where the real-name field was different than the primary UID.

> Maybe that doesn't matter for the meeting, but it does for those
> following your new email-and-exchange-a-passphrase method. (That is,
> you need one passphrase per email address, not per person.)

I've been thinking about this recently, but so far I'm unconvinced the email-and-exchange-a-passphrase is necessary. My point of view is that what I'm saying when I sign a key is that the person's real name matches the photo ID they presented. The email address I see as a bit of information that the individual made public and signed (through the key's self-signature), which does nothing other than indicate that the address listed is one where encrypted messages using the key in question can be sent.

Convince me I'm wrong?

-mct