On Fri, Jan 24, 2014 at 11:08:16PM +0000, Steve Jones wrote: > [...] > > Finally there's the possibility of explicit verification, if someone > sends me a challenge and I publish that challenge's signature on my > blog then that verifies that I am in control of that private key and > can publish to that blog. > > [...]
Wouldn't it be better to publish unencrypted (and unsigned) a challenge received encrypted? As signing unknown data should be avoided, as noone knows whether this data won't ever have a real meaning one does not intend to mean. Hope this message is not syntactically flawed to the point of being meaningless, Leo _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users