key question

MFPA expires2010 at ymail.com
Fri Feb 26 22:40:14 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi David


On Friday 26 February 2010 at 4:33:03 PM, you wrote:


> On Feb 26, 2010, at 11:24 AM, Robert J. Hansen wrote:

>> On 2/26/10 9:49 AM, MFPA wrote:
>>> I thought signing somebody's key was just stating to the world that
>>> you believe the claimed identity of the person who controls that key
>>> at the time you are signing it - not an indication that you are in any
>>> way "associated."
>>
>> I'm scratching my head here trying to figure out how you can reasonably
>> affirm the claimed identity of the person who controls the key if you
>> are in no way associated with them.

> There is associated and then there is associated.  I suspect MFPA
> is using the term in the "met casually, perhaps at a keysigning
> event" sense, and not in the "friends with", or "partners in crime with" sense.

> Both are associated.  The latter two are (forgive me) more associated.


This is an example of what I meant:-

Somebody met me once, briefly. They showed me a genuine-looking
passport that didn't look as if it had been tampered with, they looked
like the photo in the passport (though, hopefully, less ill!), and the
name in the passport matched the UID on the key.

My signature says I believe this person has the name they claim to
have. Nothing more and nothing less.

I would not consider myself to be "associated" with this person,
although I concede that my signature on their key associates us in the
web of trust.


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

COMMITTEE: A body that keeps minutes and wastes hours.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS4g/x6ipC46tDG5pAQqt8gP/VazjXsg96lC46tXhFFuVz+tBmnqO2byw
VHqq8ODKOS+1grR8kzjrdYZLGfDLUYYvqshAdaM888xqJ3VarFtI/mKAm1CC0QTp
jzVUQrdBZadryLPioPXmW4JTs3YnipQgUBJinJE8IRXPkM5fOPLUC5d5yj7Ubngu
Y9HHA9gSjow=
=Ps7x
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list