MFPA <expires2...@ymail.com> wrote: >Why do we need to establish they can also sign? Isn't it enough to >demonstrate they control the email address and can decrypt, by signing >one UID at a time and sending that signed copy of the key in an >encrypted email to the address in that UID?
You are right. Decryption is sufficient to demonstrate control of the private key, because if he can decrypt, he can also sign. What I said, "decrypt and sign," was redundant. Cheers, --Paul -- PGP: 3DB6D884 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users