gabriel rosenkoetter on Mon, 6 May 2002 06:50:16 +0200
On Mon, May 06, 2002 at 12:00:36AM -0400, Michael C. Toren wrote:
> I've been thinking about this recently, but so far I'm unconvinced
> the email-and-exchange-a-passphrase is necessary. My point of view is
> that what I'm saying when I sign a key is that the person's real name
> matches the photo ID they presented. The email address I see as a bit
> of information that the individual made public and signed (through the
> key's self-signature), which does nothing other than indicate that the
> address listed is one where encrypted messages using the key in
> question can be sent.
>
> Convince me I'm wrong?

Hrm. It's my opinion that, if you sign a given key, you sign *all* of
the information in that key. For instance, if I were to delete one of my
secondary uids and add another, your signature of my secondary uid would
go away. I think that even if I were to change my primary uid, your
signature of my *key* would remain, but I'm not sure.

So, I guess all you're really signing without signing additional uids is
that a key ID relates to a specific person. That puts the email address
associated with the primary uid in kind of nebulous territory, doesn't
it?

Anyhow, I don't think you're wrong, mct, but I think the situation's a
bit ambiguous...

-- 
gabriel rosenkoetter
gr@eclipsed.net