On 6/7/12 12:32 PM, Werner Koch wrote: > That is actually a bit funny: I never asked anyone to sign that key. > Probably they deduced the correctness from my regular key which I > used to sign the above key. That is not a surprise; I have seen > many signatures on my keys from people I never met.
Perhaps it would be worthwhile to add a question to the signing process: "Have you met this person face-to-face and verified his/her identity? (y/N)" If the user answers no, display a warning that the user probably wants to lsign, not to sign, and give the option of making an lsign instead. It might cut down on certifications such as these... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users