On 12/08/13 15:49, Ben Finney wrote: > Rather, the purpose of your signature is to say “I met this person, > verified they are who they say they are, and this person tells me this > is their email address and public key”.
I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person. > You're recording a historical fact, true for a point in time, not > guaranteeing that any particular thing will work in future. Yes, agreed. The signature binds information to a PGP key at a point in time. Glenn -- sks-keyservers.net 0x6d656d65 _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/