ON Saturday, October 25, 2003, 12:15:20 AM, you wrote: MR> Unless you know Gerard personally, and have exchanged key/fingerprints MR> via other channels (like talking on the phone...assuming that you MR> recognize each other's voices), I would recommend *not* signing each MR> other keys and uploading them to the keyservers.
MR> If you do not know each other personally, and only have each other's MR> online "persona" and some correspondence history to go on, I would MR> recommend either not signing each other's keys, or singing only with a MR> *non-exportable* signature (only visible/useable on the signer's MR> keyring, and will not be visible to anyone else)...and therefore no MR> need to upload to a keyserver. MR> Furthermore, I have a real problem with the fact that others can MR> willy-nilly sign any key with an exportable signature and then upload MR> that key to the keyservers. All this can be done without any real MR> knowledge that a certain key belongs to the apparent owner of the key, MR> and without the approval of the actual key owner. Such exportable MR> signatures are basically worthless, and actually weaken the "web of MR> trust". Hi Melissa, I am pretty new to PGP, but I understand your point and will keep this in mind for future signing of keys. I did however already sign Vasiliy�s key. -- Best regards, Gerard -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bomb - A very long shot, usually a drive. When we try to hit a bomb the result is usually what you�d expect from a �bomb�� a disaster! Using The Bat! v2.01.3 on Windows 2000 5.0 Build 2195 Service Pack 4 ________________________________________________ Current version is 2.01.3 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
