[H-GEN] Key-signing at Humbug: Saturday, 1st March 2003

Raymond Smith zzrasmit at uqconnect.net
Tue Feb 25 00:23:27 EST 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Tue, 25 Feb 2003, Christopher Biggs wrote:
> With PGP the purpose of self-signing your key is to prevent somebody
> else coming along and adding an additional user-id to your key; if
> your existing IDs are self-signed, that new user-id would be un-signed
> and would stand out from the existing id(s).

I see now: that makes a lot of sense. I had always heard this requirement
explained in terms of 'why should anyone else trust your key if you
don't'. Denying this attack makes this make more sense to me.

So, if I may ask another question, is it better to have a many email
addresses with one GPG key, or to have one primary GPG key that you get
everyone to sign that you then use to sign other keys?

Cheers,

Raymond
-- 
raymond at humbug.org.au                       I hate majordomo


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/



More information about the General mailing list