In article <[EMAIL PROTECTED]>, Alex Yukhimets <[EMAIL PROTECTED]> wrote:
>Just one question to the "public": is it OK to take a floppy with his
>public key, sign it without his physical presence and then e-mail
>him the signed file back (encrypted with his key)?

Make sure you see some physical identification (driver's licence, passport or similar). If you know who the person in front of you is, and he gives you a key, you can check it's his by looking at the ID on the key and checking the ID's signature.

Once you've signed it, there's no reason to encrypt the result. You could upload it to a keyserver yourself, in fact.

Actually, encrypting the signed key might be a good idea, because it'll ensure that the signed key won't be released to the world unless the holder of the secret key wants that to happen.

(I -think- I've understood the issues correctly. Tell me if I'm wrong, people!)

Also, I'm pretty sure there's a section in the PGP manual about how to organise meetings to sign the keys of people you haven't met. That's more authoritative than me.

--
Charles Briscoe-Smith
White pages entry, with PGP key: <URL:http://alethea.ukc.ac.uk/wp?95cpb4>
PGP public keyprint: 74 68 AB 2E 1C 60 22 94 B8 21 2D 01 DE 66 13 E2
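
An added example, not part of the original post and not its author's code: the sign-then-return-encrypted procedure discussed above, scripted with GnuPG standing in for the PGP of the time. The function names, user IDs, and temporary keyrings are constructed for the demo, and the throwaway keys have no passphrase.

```shell
#!/bin/sh
# Added example. All identities and paths below are constructed.

# Run gpg non-interactively against one of two isolated keyrings.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback "$@"; }

# Primary-key fingerprint of the key matching $2 in keyring $1.
fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

keysign_roundtrip() {
    work=$(mktemp -d) || return 1
    owner=$work/owner; signer=$work/signer
    mkdir -m 700 "$owner" "$signer"
    g "$owner"  --passphrase '' --quick-generate-key 'Key Owner <owner@example.invalid>' default default never
    g "$signer" --passphrase '' --quick-generate-key 'Key Signer <signer@example.invalid>' default default never
    owner_fpr=$(fpr "$owner" owner@example.invalid)
    signer_id=$(fpr "$signer" signer@example.invalid | tail -c 17)  # long key ID

    # The "floppy": the owner's public key as handed to the signer.
    g "$owner" --armor --export "$owner_fpr" > "$work/floppy.asc"
    g "$signer" --import "$work/floppy.asc"

    ok=0
    # Sign only if the imported key matches the fingerprint the owner gave
    # in person (read from the owner's keyring here; from paper at a meeting).
    if [ "$(fpr "$signer" owner@example.invalid)" = "$owner_fpr" ]; then
        g "$signer" --yes --quick-sign-key "$owner_fpr"
        # Return the signed key encrypted to itself: only the holder of the
        # secret key can recover the signature and decide to publish it.
        g "$signer" --armor --export "$owner_fpr" |
            g "$signer" --trust-model always --armor --encrypt \
              --recipient "$owner_fpr" > "$work/mail.asc"
        # Owner side: decrypt the mail and merge the new signature.
        g "$owner" --decrypt "$work/mail.asc" | g "$owner" --import
        ok=$(g "$owner" --with-colons --list-sigs "$owner_fpr" |
             awk -F: -v id="$signer_id" '$1=="sig" && $5==id {n=1} END {print n+0}')
    fi
    gpgconf --homedir "$owner" --kill gpg-agent
    gpgconf --homedir "$signer" --kill gpg-agent
    rm -rf "$work"
    [ "$ok" -eq 1 ]   # success: the signer's signature reached the owner's keyring
}

# Stand-alone use: sh keysign.sh demo
if [ "${1:-}" = demo ]; then
    keysign_roundtrip && echo "signature delivered to key owner only"
fi
```
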