-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ingo Klöcker wrote: > On Friday 07 July 2006 17:09, Todd Zullinger wrote: [...] >> But that does mean that you can't get a signed key to someone if >> the key you've signed doesn't have any encryption capabilities, >> correct? > > That's obviously correct. In this case you could give the key owner > a piece of paper with a random string and ask him to send it in a > signed message to your email address. Then you know that he can use > this key for signing messages. Obviously, you can't check the > validity of the email addresses belonging to this key (unless he's > got an encryption key you can use for checking the addresses).
Is it really necessary to encrypt the challenge? If the key has encryption capabilities, I would do so, but if it was a sign only key and I could not do so, just what sort of attacks or weaknesses are there in sending the challenge in the clear? I've seen David Shaw point out that it didn't gain you much. I'm just trying to work through the possible scenarios so I have them clear in my mind before trying to present this to a larger group, who may well end up with questions on this that I'd like to have better answers for than I do now. >> Have you found in practice that you don't run into many sign-only >> keys that you are asked to certify? > > Among a few hundreds keys I've signed so far only a handful were > sign-only or certification-only keys. I did simply sign them with a > lower verification level. Okay. I would have guessed that you probably wouldn't run into terribly many keys like this, but thank you for giving some practical experience to support this. - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== ...unfortunately, we can't control the actions of everyone. -- Bill Clinton, April 20, 1993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSuwMcmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1ogLQCfdgI3cZPmG30R7Ho9S6wERT1Bf0MAoJnW40cG UqfQ+iNwqQUwaDyhHVFH =gsl0 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users