Kevin wrote the following on 4/7/11 9:49 AM: > If nothing else, it > establishes that you have some kind of relationship with the owner of > the key you signed. It may establish that you an he/she were in a > specific place at a specific time (e.g. a keysigning party), etc. The > words "no information" must be used with great care, because information > leaks out of every pore in even the best crypto-systems. Whether that > information is valuable or useful in some way, to a third party, is > another matter.
In another forum, one of the members signed my public key and uploaded it to the keyservers with his/her signature, without asking nor notifying me (the key was already on the key servers, but without this added signature) I didn't invite this person to sign my key. I don't know this person, never met her/him, never had any contact except the fact that we both participate in the same forum, together with other members. I decided against asking this person to revoke the signature. I generated a new key pair (that I don't intend to upload to any key server, but instead I shall send it directly to people whom I correspond with), and I shall gradually "phase-out" the previous key, until I finally revoke it. Yes, I know. Paranoia. Charly _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users