On Fri, 2005-01-21 at 11:51 +0900, Georgi Georgiev wrote: > > Why the hell would we do that? > > If my anonymous key was signed, you wouldn't be able to send a signed > e-mail claiming it to be from my e-mail address. And since you don't > trust my name, checking the signature would reveal a "good signature by > [anon] [EMAIL PROTECTED]" when I send signed e-mail. In this case you'd at > least know that my e-mail is not spoofed which is still something.
Yes. That is possible and some people could do it, but that isn't what we're out for. In fact, doing so would be counter to what we are attempting to accomplish via our signings, but would work if only to prevent forgeries. > > Again, we aren't out to try to circumvent the process, so your point is > > moot. We wouldn't sign the "anonymous" uid. I'll let this stand by itself one more time for effect... ;] -- Chris Gianelloni Release Engineering - Operations/QA Manager Games - Developer Gentoo Linux
signature.asc
Description: This is a digitally signed message part