I'm still working on getting my card reader to work, but in the meantime, I have a couple of questions regarding key-signing etiquette following a session at LUG Radio Live last weekend. I hope the questions are not OT; I've checked the HOWTOs & FAQs, but there's some ambiguity in them.

First: Is a photo driving licence considered adequate identification? I'm in the UK so we have UK / EU photo driving licences. I have previously only used passports as ID, but some people were presenting driving licences instead.

Second: I've already had back some e-mails, encrypted with my public key, with signatures attached ready for me to upload to a keyserver. I usually use the procedure described at [1], which requires the additional verification of the encryption, exchange and decryption of a random amount of text before signatures are sent. Obviously I have to be able to decrypt the e-mail successfully to access the signature they have sent me, but is this considered a safe and appropriate way to sign keys?

The e-mails I received were identical apart from the sender's name, so I suspect they are using a script. I wasn't able to find anything definitive on Google so can't be sure which script they are using, but the text ran like:

---quote---
Hi,

please find attached the user id
    Antony Paul Whitmore <[EMAIL PROTECTED]>
of your key 7920DB2171B98B64 signed by me.

If you have multiple user ids, I sent the signature for each user id separately to that user id's associated email address. You can import the signatures by running each through `gpg --import`.

Note that I did not upload your key to any keyservers. If you want this new signature to be available to others, please upload it yourself. With GnuPG this can be done using
    gpg --keyserver subkeys.pgp.net --send-key 7920DB2171B98B64

If you have any questions, don't hesitate to ask.
---end quote---

I'd value the opinions of the list, as I want to ensure correct procedure is followed to ensure the integrity of the web of trust.

Tony

[1] http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users