-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/16/2013 12:45 PM, MFPA wrote: | Hi | | | On Monday 16 September 2013 at 7:57:04 PM, in | <mid:52375480.7020...@dougbarton.us>, Doug Barton wrote: | |> I send encrypted e-mail to each uid with a pseudo-random string |> and ask the person to send me back the string in a signed |> message. That allows me to determine if the person has control of |> all 3 elements of the uid; the e-mail address, private, and |> public keys. | | I thought that as soon as a public key is published or shared, the | person who created it no longer has control.
That's one way to look at it. :) However you may be surprised at the number of people who participate in key signing parties that haven't the foggiest clue how PGP works. If I encrypt a message to their public key and they cannot read it, and/or they cannot sign a response, IMO they are not "in control" of their key; whether it is published or not. Feel free to substitute other terminology if you wish, hopefully the concept is clear. Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQEcBAEBCAAGBQJSN2slAAoJEFzGhvEaGryEPUEH/0+Bowo2Oqp9QcylketWRQI6 ty0xyCcxdII3xLSub5A3zCNlSbKeUZCyRQKNJRtu4Oz4zbsg+V5PdrEpKqfNT9ek cTSLXP5ez7QzBZ6lbghLeSwGjoXF8mt8EjDo2yj2HRZWN/1ocbL7SAC41EtCBTC8 n04T1Xv+jcaWusHL5PisalJASS7Bk3AAgqBlNPOmJbQo1jOrUOekZ3mRivwyKTD3 Om+lgQI+xrEUqI+4HYfUtrS+E5e2HdEe9x0ZcshvB/MhAPcd18pZ16OtnVXU70uJ bAP7AW23NQNffLqrSyTenuGuXt8MxporY+asCVptk1857J1JiVRCX89X0ZekQlY= =6etn -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
