Am Dienstag, 25. Juli 2006 08:43 schrieb Atom Smasher: > On Mon, 24 Jul 2006, David Shaw wrote: > > Note that there is a difference between what page at > > http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning > > says and what you say above. The page (correctly) notes that all > > that is necessary is that the person *sign* the challenge before > > sending it back to you. The page makes clear ("encrypted, if you > > like") that encryption is optional here, and adds little to what > > you are trying to prove. It doesn't matter if other people can > > read the signed challenge or not. Of course, it doesn't hurt to > > encrypt, so long as it is understood that it doesn't really help > > either. > > ====================== > > other than adding an extra step to the process, what is gained by > signing a challenge instead of encrypting a key certification (key > signature) to the recipient's public key?
Please (re-)read the recent thread (mentioned by David) where we discussed this. Regards, Ingo
pgp2NOgJhqwUy.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
