On 2/26/10 9:49 AM, MFPA wrote: > I thought signing somebody's key was just stating to the world that > you believe the claimed identity of the person who controls that key > at the time you are signing it - not an indication that you are in any > way "associated."
I'm scratching my head here trying to figure out how you can reasonably affirm the claimed identity of the person who controls the key if you are in no way associated with them. A signature on a key says, "I believe this key really corresponds to this person." But if you have no association whatsoever with that person, how can you make a signature? The existence of the signature necessitates at least *some* association. Even a trusted timestamp service that makes signatures without any human intervention makes an association claim: "at this date and time, someone sent this document to me for signing." _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users