Hi, Oohara Yuuma wrote: > When signing a GPG key, is it better to sign all of its uids, or > just an uid that I see relevant (such as the @debian.org one)? > I usually meet someone, get a hardcopy of the key fingerprint, > the e-mail address and so on, then check it later and sign the uid > which have that address in it.
I sign a uid when these uid's address is not bouncing and the person who claims to belong to this key answers a message encrypted to him sent to the specific uid. If the person answers to all the mails sent to him, I can sign all uid's. The checking if the email is valid and can be read by the keyowner does weasel's cabot for me => http://www.palfrader.org/#cabot Regards, Rene -- .''`. Rene Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' [EMAIL PROTECTED] | GnuPG-Key ID: 248AEB73 `- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73
pgplbLBgDpx6a.pgp
Description: PGP signature