Jeff Abrahamson on Wed, 25 Dec 2002 12:30:32 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] gpg signing party follow-on


So I've signed some people's keys after David Shaw's visit. Maybe some
people have signed mine. But this leaves me with a few questions:

- How do I let the rest of the world know? The instructions on the web
  site didn't indicate. Is this with --send-keys?

- If I send someone a key challenge question and they respond, having
  signed the correct challenge with the correct key but not from the
  correct email address, my inclination is not to sign their key, or
  to sign it with only moderate trust. Am I incorrect? This is the
  purpose of the verification, after all, to establish a binding
  between the key and the email address.

Thanks.

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

Attachment: pgpUMw6RpztfW.pgp
Description: PGP signature