FYI, the signature on your message did not verify for me in Thunderbird, although others you have sent do.

On 09/16/2013 02:18 PM, Ingo Klöcker wrote:
| On Monday 16 September 2013 11:57:04 Doug Barton wrote:
|> The way that your signer did it is _a_ standard way to do it. CAFF is
|> a very popular program for that, and there is another here that is
|> also pretty good: http://www.phildev.net/pius/news.shtml
|>
|> I have another philosophy that works for me because I prefer not to
|> sign uids that are not valid. I send encrypted e-mail to each uid
|> with a pseudo-random string and ask the person to send me back the
|> string in a signed message. That allows me to determine if the person
|> has control of all 3 elements of the uid; the e-mail address,
|> private, and public keys.
|
| CAFF (and apparently also PIUS) achieve same

I'm familiar with how those tools work. However what I don't like about them is that they can either leave behind signatures that I consider bogus on my local key ring, or require that the user correctly deal with the signatures I send, and upload them to a public key server, for me to later download.

I prefer to keep my personal key rings reflective of my judgement about the keys/uids, regardless of how the user chooses to deal with the signatures. But that's my choice, reasonable minds can differ.

|> As a pleasant side effect it also gives me
|> a chance to judge their competence with PGP, which allows me to
|> assign a better trust value to folks I did not previously know.
|
| Granted, this is an advantage your workflow has over CAFF, but I'm not
| sure it's worth the additional work of verifying all replies and then
| selectively signing UIDs.

Like I said, reasonable minds can differ. I personally don't find it all that burdensome to select the uids that I am willing to sign when I get the responses back.

Doug
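
The reply check in the challenge workflow described in this message, sketched as an added example (not code from the post, CAFF or PIUS): it picks the UIDs to sign from returned tokens and from the status text of `gpg --status-fd 1 --verify`, which is assumed to have been captured already. The function names, fingerprint and status lines are constructed for illustration.

```python
import hmac
import re
import secrets

# Status keywords that mean the signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def new_challenges(uids):
    """One independent 128-bit token per UID e-mail address."""
    return {uid: secrets.token_hex(16) for uid in uids}

def signer_fingerprint(status_text):
    """Primary-key fingerprint of a good signature, or None."""
    good, fpr = False, None
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None
        if parts[1] == "GOODSIG":
            good = True
        elif parts[1] == "VALIDSIG" and len(parts) >= 3:
            # The last VALIDSIG field is the primary key fingerprint when present.
            fpr = (parts[11] if len(parts) >= 12 else parts[2]).upper()
    return fpr if good else None

def uids_to_sign(challenges, expected_fpr, replies):
    """UIDs whose token came back in a reply signed by expected_fpr."""
    verified = set()
    for status_text, body in replies:
        if signer_fingerprint(status_text) != expected_fpr.upper():
            continue
        returned = re.findall(r"\b[0-9a-f]{32}\b", body)
        for uid, token in challenges.items():
            if any(hmac.compare_digest(token, r) for r in returned):
                verified.add(uid)
    return verified

if __name__ == "__main__":
    FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
    sent = new_challenges(["alice@example.org", "alice@example.net"])
    status = ("[GNUPG:] GOODSIG 89ABCDEF01234567 Alice (constructed)\n"
              f"[GNUPG:] VALIDSIG {FPR} 2013-09-16 1379366400 0 4 0 1 8 01 {FPR}")
    reply = (status, "Here is the string: " + sent["alice@example.org"])
    print(sorted(uids_to_sign(sent, FPR, [reply])))  # only the .org UID
```

Because each UID gets its own token, a returned token shows that the mailbox for that address received the message and the private key decrypted it, while the signature check ties the reply to the key being certified.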