Hi all, while i am not new to GnuPG i must admit that i did not used it very often and when i had signed/encrypted email communications i usually had the "Untrusted Good Signature" from person x,x,z, because i am not a member of the classic Web-of-Trust. So far so good. I'm interested about your thoughts (especially from people living in Germany) about the following:
A couple of days ago i came along the CA Service of Governikus KG at: https://pgp.governikus-eid.de/pgp/ where i obtained a sig3 signature for my new pub key: pub 2048R/82EC52B4 2017-05-26 [verfällt: 2021-05-26] Schl.-Fingerabdruck = 2BAF 85F9 281A BD54 3823 C7C5 981E B7C3 82EC 52B4 uid [ uneing.] Stefan Claas <stefan.cl...@posteo.de> sub 2048R/64C48933 2017-05-26 [verfällt: 2021-05-26] I also received my X.509 classIII certificate from the "Volkverschlüsselung" initiative from Fraunhofer SIT: https://www.volksverschluesselung.de Additionally i have a reset keybase account, due to the upload of my new pub key, where people could have seen that i had there a Facebook, Twitter and github proof and i am running the PGP/GnuPG Forum at Facebook. Let's assume we would exchange signed emails (PGP/SMIME) would these proofs be enough for you to warrant a sig2? And for a sig3 an additional video conference? The classical procedure would be to sign a key with a sig3 after seeing the persons id-card in a real meeting. But who guarantees that the id-card is not fake (if the person is a complete stranger)? Please note, i don't want to ask people here to sign my pub key, i just want to know what your thoughts are. :-) Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
