Hi

On Thursday 19 January 2012 at 1:38:37 AM, in
<mid:20120119013837.gc23...@groupw.cns.vt.edu>, Phil Benchoff wrote:

> I think a lot about what signature classes are
> appropriate for what situations and similar pedantry,
> but the current state of practice needs help at a more
> fundamental level. I just attended my first
> key-signing party. The participants likely have an
> above-average technical skill set. Of the 16
> signatures I've received so far, all are at the default
> level. Five signers delivered my signed keys in
> encrypted form to the individual UIDs. The rest just
> uploaded them to a keyserver. I can't be critical of
> anyone who did that. It seems to be the most common
> practice.

I *am* pretty critical of that. Those 11 people have denied you the
opportunity to see exactly what they are adding to your key before
publishing it. (That may generally be seen as trivial, but it matters
to me.) More importantly, they are signing UIDs that may well contain
email addresses, without actually verifying that you "control" those
email addresses.

-- 
Best regards

MFPA mailto:expires2...@rocketmail.com

However beautiful the strategy, you should occasionally look at the results.