On Fri, 10 Nov 2006 21:33, [EMAIL PROTECTED] said:

> curious why encrypting signed keys back to their owner is a bad habit.
> It verifies the other half of the ID on the key (the email address), it
> verifies that that person (still) has the secret key and passphrase.

Why do you want this? It might change the next minute. The main reason why sending a key back in an encrypted mail is that at that time the key has already been signed and thus there exists a public knowledge about this signature. Whether the signer uploaded the key or not doesn't matter. He has gone into great lengths to make sure that he signed the correct key and any further checks are thus not needed. What do you do with keys which don't carry an encryption key?

It is a policy decision whether to use an email challenge-response *before* signing a key. There is no reason to protect the public key after signing - it is public.

Well, this holds valid for keys which are anyway public. For the few people who don't send their keys to a keyserver, it might make sense to send it encrypted.

> Only if the owner puts his/her key on a keyserver, or someone
> disrespects his right to not have his key there. I can think of a few

Checking my keyring shows that I did 873 signatures using my current key. I am sure that not more than a few dozen people sent me their key by mail or passed it using a floppy. Almost always I retrieved the key to sign from a keyserver and thus all this hiding of keys does not make sense.

Further there is the problem that when attending a signing party a small percentage of the attendees will accidentally send the keys to a keyserver and thus publish it. You can't avoid that. Well, you can but then you should not go to a signing party or use the key to sign anything which you can't be sure that it will stay within your closed group.

> Personally, while I don't like the aspects of social mapping, once I

Well, it just says that you and the other persons met some time before the signature has been done. You may delay the signing and batch them up to make it harder to map the signing to a specific event.
Shalom-Salam,

   Werner

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users