On Sat, Oct 22, 2005 at 10:14:58PM +0100, Neil Williams wrote: > > ? That key has NO signatures other than yourself! There's no way anyone can > trust it. There are NO paths. > It does, look at: http://pks.aaiedu.hr:11371/pks/lookup?op=vindex&search=0x16DA1F1690887E13 http://pks.aaiedu.hr:11371/pks/lookup?op=vindex&search=0x5081D08A1DC7E994
Both are signed by my master key which in turn is signed by a friend. My scheme is having one "master key" and then I get people to sign that master key, which I in turn use to sign my other ad-hoc keys. To avoid further confusion, the key is signed by zeljko.vrba at gmail.com > > Sorry to hear that but how hard have you tried? Have you travelled to > Now I'm going to hide.. in fact, not. I tried finding someone while writing the previous mail and.. well, I've succeeded. > > Keysigning is testifying to the world that you have verified the person, the > fingerprint and the email. > I'm aware of that. > > If you want a formalised external method of identity verification, consider > using x.509 and people like Thawte will provide an alternative to GnuPG's > personal (face-to-face) methods. > Actually, at one point in time I did think about getting myself a "real" X.509 certificate and use it as "my own CA" certificate by which I sign my other ad-hoce keys as I see fit. The thing I don't like about commercial X.509 certificates is their short lifetime. It's a pure ripoff and no-work money generator for the CA, after you get your 1st certificate. I have yet to play a bit with gpgsm and see how well can you mix PGP and X.509 keys. I.e. can I use my X.509 cert to sign other people OpenPGP keys? Can I at least re-use the X.509 private key for my own OpenPGP key?
pgpi0KhNJeJV0.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
