On Wed, Mar 27, 2002 at 09:19:18PM +0000, Steven Murdoch wrote:
> > The two things you need to convince us are:
3) That the person owning the PGP key reads the email addresses of all the UIDs on the key you're willing to sign.

I verify this by sending a PGP-encrypted email to that address with a random string (I've seen folks use pwgen, others do an md5sum of a block from /dev/random). If I receive the same random string back, I can be relatively sure that the person whose key I'm about to sign does read that email address.

Nobody expects the Spanish Inquisition.
-- 
[EMAIL PROTECTED]
http://www.wossname.org.uk/~mathie/

--------------------------------------------------------------------
http://www.lug.org.uk http://www.linuxportal.co.uk
http://www.linuxjob.co.uk http://www.linuxshop.co.uk
--------------------------------------------------------------------
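The check described in the message above, sketched as shell functions with one single-use challenge per UID address. This is an added example, not part of the original message; `STATE_DIR`, the function names and the use of `/dev/urandom` are assumptions of the sketch.

```shell
#!/bin/sh
# Added example; STATE_DIR and all function names are assumptions of this sketch.
STATE_DIR="${STATE_DIR:-./uid-challenges}"

# Path of the stored challenge for one address (address hashed so it is a safe filename).
challenge_file() {
    printf '%s/%s' "$STATE_DIR" "$(printf '%s' "$1" | md5sum | cut -d' ' -f1)"
}

# 16 bytes from /dev/urandom (the message mentions /dev/random), hex-encoded via md5sum.
new_challenge() {
    head -c 16 /dev/urandom | md5sum | cut -d' ' -f1
}

# usage: issue_challenge ADDRESS  -> stores a fresh challenge and prints it
issue_challenge() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 2
    ( umask 077; new_challenge | tee "$(challenge_file "$1")" )
}

# usage: encrypt_challenge KEY_FINGERPRINT ADDRESS > body.asc
# Armored message body to mail to ADDRESS; only the key holder can read it.
encrypt_challenge() {
    issue_challenge "$2" | gpg --armor --encrypt --recipient "$1"
}

# usage: check_reply ADDRESS < decrypted-reply.txt
# 0 = challenge came back, 1 = not found, 2 = nothing outstanding.
check_reply() {
    f="$(challenge_file "$1")"
    [ -s "$f" ] || return 2
    if grep -qF -- "$(cat "$f")"; then
        rm -f "$f"      # single use: the same reply cannot be counted twice
        return 0
    fi
    return 1
}
```

Issuing a separate challenge for each address matters because a reply from one mailbox must not vouch for another UID on the same key.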
