Hi, On Wed, Dec 04, 2002 at 10:04:21AM -0800, John H. Robinson, IV wrote: > Osamu Aoki wrote: > > On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote: > > > > which have that address in it. > > > > > > I sign a uid when these uid's address is not bouncing and the person who > > > claims to belong to this key answers a message encrypted to him sent > > > to the specific uid. If the person answers to all the mails sent to > > > him, I can sign all uid's. > > > > This sounds like good practice but burden of proof for the "activeness" > > of e-mail account is on signer side. A bit unfiar, IMHO. > > this is as it should be. a signer needs to take Due Diligence when > saying ``Yes. I know that this key matches this Name and EMail address.'' > failure to do that renders that signature, and potentially all other > signatures made by that signer. the whole Web-of-Trust thing. > > some people do take more care than others when signing, and that is > okay. but the onus is always on the signer to verify that the facts as > she understands them are true.
Sure I agree in your point of due dilligence. (I said "a bit".) I do not want to make life any harder for the people signing my GPG key either. I think question was not well formed and discussion is drifting away. I started different thread to address my real question. Thanks. Osamu -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++ Osamu Aoki <[EMAIL PROTECTED]> Cupertino CA USA, GPG-key: A8061F32 .''`. Debian Reference: post-installation user's guide for non-developers : :' : http://qref.sf.net and http://people.debian.org/~osamu `. `' "Our Priorities are Our Users and Free Software" --- Social Contract