You need a secure means of exchanging keys. In general email is not a
trustworthy mechanism, as it is clearly tamperable. A phone call is
marginally better. Though given the current news about skype, I'd
think twice about that, too ;)
Of course, you might even say face-to-face is not secure, but I think
we all agree that Descartes convinced us sufficiently (the invalidity
of his logic, notwithstanding) that we ain't brains in vats!
Of course, you could also reason, "Who cares?", in which case this
whole signing business is just silly.
-Fred
On Oct 2, 2008, at 11:51 PM, Willem Jiang wrote:
Since you and me met a year before, I will send you my key for
signing :)
