[Nottingham] (no subject)

david at gbenet.com david at gbenet.com
Sat Nov 21 22:49:49 UTC 2015

On 21/11/15 14:59, Roger Light wrote:
> On Sat, Nov 21, 2015 at 10:03 AM, david at gbenet.com <david at gbenet.com> wrote:
>> People had have my old key will be aware they share the same information.
> The point is that there's no guarantee it is in fact linked to you.
> They met you, presumably checked your credentials, then signed your
> key. This time, all there is is an email from someone alleging to use
> the same email address (which isn't the same as in the key), signed by
> the new key. Anybody could forge a mail with a fake gpg key saying the
> same, without some link between the old key and the new there is no
> reason to assume they are connected.
> I've attached a different gpg key with the exact same parameters as
> yours. By your reckoning, everyone should assume that it belongs to
> you as well, which is clearly not the case.
> If you don't care about the web of trust aspect, then sure ask people
> to sign your keys without verification, but you should bear in mind it
> then doesn't mean anything.
> Cheers,
> Roger
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
Have we had a beer? Clearly we have not.


“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20151121/e6672d95/attachment.sig>

More information about the Nottingham mailing list