gabriel rosenkoetter on Mon, 6 May 2002 06:50:16 +0200


Re: [PLUG] keysignings / inactive keys


On Mon, May 06, 2002 at 12:00:36AM -0400, Michael C. Toren wrote:
> I've been thinking about this recently, but so far I'm unconvinced
> the email-and-exchange-a-passphrase is necessary.  My point of view is
> that what I'm saying when I sign a key is that the person's real name
> matches the photo ID they presented.  The email address I see as a bit
> of information that the individual made public and signed (through the
> key's self-signature), which does nothing other than indicate that the
> address listed is one where encrypted messages using the key in
> question can be sent.
> 
> Convince me I'm wrong?

Hrm.

It's my opinion that, if you sign a given key, you sign *all* of the
information in that key. For instance, if I were to delete one of my
secondary uids and add another, your signature of my secondary uid
would go away. I think that even if I were to change my primary
uid, your signature of my *key* would remain, but I'm not sure.

So, I guess all you're really signing without signing additional
uids is that a key ID relates to a specific person. That puts the
email address associated with the primary uid in kind of nebulous
territory, doesn't it?

Anyhow, I don't think you're wrong, mct, but I think the situation's
a bit ambiguous...

-- 
gabriel rosenkoetter
gr@eclipsed.net
