Glenn McIntosh <neonsignal@memepress.org> writes:
On 12/08/13 15:49, Ben Finney wrote:
Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”.
I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person.
Yes, that's what your signature means. But “this email address is connected with this person” is satisfied by “this person told me this email address identifies them”. If you're expecting a signature to mean “I have verified this email address delivers mail to this person”, you're going to be disappointed since that's not what it's meant to imply :-) -- \ “Odious ideas are not entitled to hide from criticism behind | `\ the human shield of their believers' feelings.” —Richard | _o__) Stallman | Ben Finney