On Mon, Nov 04, 2013 at 01:44:51PM -0800, Paul R. Ramer wrote: > MFPA <expires2...@ymail.com> wrote: > >Why do we need to establish they can also sign? Isn't it enough to > >demonstrate they control the email address and can decrypt, by signing > >one UID at a time and sending that signed copy of the key in an > >encrypted email to the address in that UID? > > You are right. Decryption is sufficient to demonstrate control of the > private key, because if he can decrypt, he can also sign. What I said, > "decrypt and sign," was redundant.
Well... I still do not understand why decryption is sufficient to demonstrate control of the private key and not adding a UID (note I'm talking about signed UID's, not unsigned ones, of course). Sorry. Cheers, Leo _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users