[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 24 Jun 2002 9:55 pm, Theo Zourzouvillys wrote:
make sure you sign it, too. if you want to know my fingerprint - it's:
Would I have to export my public key again after signing your key? If so, does the new key keep the same key ID? How does me signing your key affect your key? I've imported keys from people whose keys have been signed by other members of my public ring and the signature shows up in their imported key, even if I haven't imported the key from the people who have actually signed the key. I can't see how this works: When I import the key for A, I can see that it has been signed twice, once by someone already in my public ring, B. The other signature just gives the key ID [unknown user]. So B has signed A's key but A's key appears to have changed (otherwise I couldn't see the two signatures). How? B has signed A's key on his own computer - remote from A's computer, does the keyserver act as an intermediary??? How can A's key be changed from B's computer? If I import a key, C, from a text file on a website rather than from the keyserver, would I miss out on signature data? (e.g. if B has also signed C's key, how can that information be included in the exported ASCII public key for C?) (BTW: Is there a problem with your fingerprint being available to anyone via the DCLUG website?)
How carefully have you verified the key you are about to sign actually belongs to the person named above? If you don't know what to answer, enter "0". (0) I will not answer. (default) (1) I have not checked at all.
More info please: If you haven't checked it at all, is signing it worthwhile? Does that dilute the trust?
Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources...)?
Is there any way of knowing how carefully someone has checked a key they have signed when signing/importing their key? (I don't want to trust other keys of people signed by someone who hasn't checked what they are signing!) - -- Neil Williams ========== www.codehelp.co.uk www.dclug.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9H4ERk7DVr6iX/QIRAsMzAJ49pdwKCRqtULr695gkxHjMGY+GFwCcCUqa yboSJc0C/BkAyhLG/cIyGIM= =O8CS -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.