On Tue, Apr 15, 2008 at 04:09:51PM +0100, Peter Lewis wrote: > Please excuse one final question: I have signed keys with one person (A), > whom > I trust fully, and he has signed keys with another person (B), whom I know, > but with whom I have not signed keys. B's key is (correctly) showing as > *valid*. Should I still wait until I can check his identity using the > photo-id and fingerprint, or is this now good enough for me to sign B's key? > > I wouldn't have thought so, but I just want to make sure I'm > absolutely clear about this stuff.
You are correct. You should not sign his key until you check his identity. Signing his key is making a statement that you confirm his identity, and in the example above you cannot make such a statement. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
