[ale] PGP / GPG key 0x450F89EC <pause at pause.perl.org>
Jim Kinney
jim.kinney at gmail.com
Wed Nov 30 11:07:48 EST 2011
On Wed, Nov 30, 2011 at 10:52 AM, David Tomaschik
<david at systemoverlord.com>wrote:
> On Wed, Nov 30, 2011 at 10:24 AM, Michael H. Warfield <mhw at wittsend.com>
> wrote:
> > Sorry for hitting the whole list with this but I haven't gotten a
> > response back from the E-Mail address in question. I only sent the
> > query out early yesterday afternoon so that's not wholly surprising.
> >
> > What appears to be a "role key" was submitted to the ALE Keysigning
> > Party. Role keys are normally fine but the rules tend to be a little
> > different for verification, if the owner of that key wants them signed.
> > Usually, some proof of ownership (such as corporate papers for corporate
> > keys) or proof of authority is usually required. As one poster
> > mentioned, they only sign such keys with pseudonyms if they have a real
> > uid included on the key. I'll have to think about that criterion, since
> > you can always edit a key to remove a uid (subject to my comments in
> > another message) I'm not totally sure I would trust that, but maybe.
> >
>
> FWIW, if the key is already on the keyserver, deleting a UID is no
> good. All you can do is revoke the UID. While I don't object to
> pseudonymous keys, I will not trust them in my keyring, and will only
> sign them as "I have not checked at all." GnuPG asks what level of
> checking you have done when you sign a key with the following options:
>
> 0. I will not answer. (default)
> 1. I have not checked at all.
> 2. I have done casual checking.
> 3. I have done very careful checking.
>
> I normally select "2" for signatures from a keysigning event. I will
> sign with "very careful" checking for people whom I know personally or
> individuals who have provided 2 or more reasonable forms of
> identification.
>
> I *will not* under any circumstances sign UIDs that I feel are
> intentionally misleading. If Jim Kinney brings me a key with both his
> UID and a UID with the name "Mike Warfield" on it, I will not sign
> that key.
>
dang. back to the evil genius drawing board.
Total World Domination postponed until further notice.
is this thing on?
> I have also adopted Jeremy's practice of encrypting the signed key and
> sending it to (in my case) the first email address on the key. If I
> have concerns about a particular email address, I might instead choose
> that one.
>
> --
> David Tomaschik, RHCE, LPIC-1
> System Administrator/Open Source Advocate
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
--
James P. Kinney III
As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- *2011 Noam Chomsky
http://heretothereideas.blogspot.com/
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20111130/ca1fa04d/attachment-0001.html
More information about the Ale
mailing list