|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] keysignings / inactive keys
|
> The problem with this is that it doesn't show the user's other uids,
> which really should be verified and signed separately. (Shouldn't
> they?)
When I did it for the last Netaxs meeting, I did it by hand, and was
careful not to snip UID's where the real-name field was different than
the primary UID.
> Maybe that doesn't matter for the meeting, but it does for those
> following your new email-and-exchange-a-passphrase method. (That is,
> you need one passphrase per email address, not per person.)
I've been thinking about this recently, but so far I'm unconvinced
the email-and-exchange-a-passphrase is necessary. My point of view is
that what I'm saying when I sign a key is that the person's real name
matches the photo ID they presented. The email address I see as a bit
of information that the individual made public and signed (through the
key's self-signature), which does nothing other than indicate that the
address listed in one where encrypted messages using the key in
question can be sent.
Convince me I'm wrong?
-mct
|
|