On Wed, Dec 10 1997 17:44 GMT Charles Briscoe-Smith writes: > In article <[EMAIL PROTECTED]>, > Alex Yukhimets <[EMAIL PROTECTED]> wrote: > >Just one question to the "public": is it OK to take a floppy with his > >public key, sign it without his phisical presence and than e-mail > >him the signed file back (encripted with his key)? > > Make sure you see some physical identification (driver's licence, > passport or similar). If you know who the person in front of you is, > and he gives you a key, you can check it's his by looking at the ID > on the key and checking the ID's signature. Yes. That's right.
> Once you've signed it, there's no reason to encrypt the result. Well, if you're sending him the encrypted key [with the Public key of the person], only the receiver can decrypt it. This is a small trick to insure that the person got the `right key' :) > You could upload it to a keyserver yourself, in fact. Hmm, I wouldn't. It's possible that said person collects more keys and wants to upload them simultaneously. > (I -think- I've understood the issues correctly. Tell me if I'm > wrong, people!) AFAICT you're right. Just my 20 centimes, David -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
