On 12/08/13 15:49, Ben Finney wrote:
> Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”.
I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person.
> You're recording a historical fact, true for a point in time, not guaranteeing that any particular thing will work in future.
Yes, agreed. The signature binds information to a PGP key at a point in time.

Glenn
--
sks-keyservers.net 0x6d656d65