-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/18/2013 04:14 PM, MFPA wrote: | Hi | | | On Monday 16 September 2013 at 9:20:45 PM, in | <mid:ca+4dsw6ct3buqpp-04+37o0bfcf6xaqozvfh+xehaywg3kf...@mail.gmail.com>, | Pete Stephenson wrote: | | |> I consider UIDs |> corresponding to no-longer-functioning email addresses |> to be invalid and won't sign them as I have no idea if |> the keyholder is the actual owner of that address. | | Doesn't the CAFF method (emailing the key with your signature on just | one uid in an encrypted message to the email address in that uid) take | care of that for you? Unless the same person has access to | both the secret key and the email address, they don't have access to | your signature on that uid.
The issue for me is the "cleanliness" and accuracy of my local key ring (as I pointed out in a previous message in this thread). I don't like what either CAFF or Pius do; leave signatures that I consider "bogus" on my local copy of the key, or rely on the user to upload the signatures so that I can get them back after a refresh. Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQEcBAEBCAAGBQJSOmLVAAoJEFzGhvEaGryEvv4H/06tE11VoU+XXxEvtODF56cA feL5L9IP1ZTGHiWaIKHuO1ioWKVxjYZpwvNlpEcHA0jWmE6JsWgMND1M74M79tR+ JSZKB//qufrw+Sm6o83siOdBNvX+Np1GhE5hjkh3z7U6iPd9Ld45u0Zf4uIDv7ou jJEzIJ1uKlTzKIwO0cRAc3JP1tZNx2aNxQFqf3oiwC9ZpjNtXWhWWmRdlbA9Bini wzo9AMwFhAGuEIC3a+qjJardVb6MvMl6MzClZYgMY5rpzp/uGJdKe5ptrIjlTo/I N3x3vfj7+oEtUZPzBG/MQVKoGDHDwbiovW+hghTr3R3n/gTbKYqOjtuDjY+G4SM= =vB6t -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
