On Tue, Sep 6, 2011 at 10:51 AM, Neil J. McRae <[email protected]> wrote: > > > On 06/09/2011 10:48, "Ben Laurie" <[email protected]> wrote: > > >>Just because there is a problem it does not mean there is a solution :-) > > I love your honesty! :-) > >>In general, my approach to key-signing is that if you can persuade me >>the key goes with the email address you want me to sign (the name is >>immaterial), then I'll sign. This does mean I don't sign all that many >>keys :-) > > Which is not that different to what we are trying to do.
Actually, I think it is very different. In particular, PGP keys are useful when associated with an online identity - normally represented by an email address (I would certainly consider signing keys associated with other forms of relevant identification). Signing a key because the name on it happens to match the fake ID you were just shown seems utterly pointless - you will never receive an email from that name, nor send one to it. However, the randomly chosen email that coincidentally went with that name is now associated with the key, according to you, for no apparent reason.
