[FOSDEM] key question still slightly unclear
Serge van Ginderachter
serge at vanginderachter.be
Fri Feb 23 20:01:41 CET 2007
On Fri, 2007-02-23 at 18:27 +0100, John Seifarth wrote:
> I asked:
> > 3) If I add another email address to my identity (I only have one on
> > it now), is the key as signed at the keysigning automatically valid
> > for that address (or is my question already showing my lack of
> > understanding)?
> Wouter replied:
> >> That will depend on the participants; some people will sign your new
> >> UID, others won't. It may help if you communicate that you have a new
> >> UID on your key at the signing party.
> Geert said:
> >> When signing a key, GPG will ask whether you want to sign all
> >> email adresses.
> >> Some people won't say `Y' if your new email address is not on the
> >> list.
> And I'm confused. I really don't understand the mechanics of the
> keysigning system. You have a series of private keys, they will be
> collectively validated by a md5 and a sha1 checksum. How does my
Yes. That happens out-of-band. Wouter prepared a page containing all the
keys. You prepare the same page, by checking them yourself with gpg, and
compares the hashes. Now you know the keys on the paper you printed are
> individual key get signed? Do I have to upload it on the server (see
> below) beforehand,
> or so the keysigners have a copy of the key I
> uploaded to FOSDEM?
Keysigners will have to download your key to be able to sign them.
> I was thinking more along the line of adding an
> email address AFTER the keysigning party. Is that email address (is
> that considered as the ID) covered by the current keysigning, or
> should I worry about that at next year's keysigning? Do I have to
> sign other peoples' keys?
It depends. The person signing your key must decide to trust you or not.
I don't see any reason why, but I'm no expert.
Serge van Ginderachter http://www.vanginderachter.be/
If ignorance is bliss, you must be orgasmic.
More information about the FOSDEM