Thursday, 31 January 2008

getting anonymous gpg-keys signed


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


GPG is a fine thing with its web of trust.
But the problem here is that a web of trust is not anonymous.
There is no identity to prove to get a key signed if you want to
be anonymous.

One nice service here is the PGP Global Directory.
It only checks that one of the email addresses in the key indeed works.
Just like a double opt-in.

Another one is the robotCA, where you send an email to robotca AT signedtimestamp DOT org with the subject "sign key: your key id" (e.g. "sign key: AE213E00") and it will load that key from a keyserver and send a signed copy to the email addresses in it.

But at least that's something that can be done:
verify that the key owner can receive mail at that address without sending a message yourself.
(Like, if that key is to be used outside of an email context.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHuZdjLAZ+Vq4hPgARAoJUAJ975yR30c11Tj0PI0oOLMmmkgm2KQCdFTl6
dq9/QQi+jM396gv8XAFmurQ=
=y1vL
-----END PGP SIGNATURE-----
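
An added example, not part of the original post: once a robot CA has mailed back a signed copy of a key, this Python code parses `gpg --with-colons --check-sigs` output to report which user IDs actually carry a verified certification from that CA. The CA key ID and the sample output are constructed placeholders, since the post gives neither.

```python
# Added example; SAMPLE is constructed, not output from a real keyring.
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP user-ID certification types
ROBOT_CA = "0123456789ABCDEF"  # placeholder: the post does not give the CA's key ID

SAMPLE = """\
pub:-:1024:17:00000000AE213E00:1201737600:::-:::scESC:
uid:-::::1201737600::HASH1::anon <anon@example.org>:
sig:!::17:00000000AE213E00:1201737600::::anon <anon@example.org>:13x:
sig:!::17:0123456789ABCDEF:1201824000::::Robot CA (placeholder):10x:
uid:-::::1201737600::HASH2::anon <other@example.net>:
sig:!::17:00000000AE213E00:1201737600::::anon <anon@example.org>:13x:
sig:-::17:0123456789ABCDEF:1201824000::::Robot CA (placeholder):10x:
sub:-:2048:16:1111111111111111:1201737600::::::e:
sig:!::17:00000000AE213E00:1201737600::::anon <anon@example.org>:18x:
"""


def uids_certified_by(colon_output, ca_keyid):
    """Map each user ID to True only if ca_keyid has a verified certification on it."""
    seen, certified, revoked, current = [], set(), set(), None
    for line in colon_output.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec in ("pub", "uid"):
            # GnuPG 1.4 without --fixed-list-mode puts the primary uid in the pub record.
            if len(f) > 9 and f[9]:
                current = f[9]
                if current not in seen:
                    seen.append(current)
            elif rec == "pub":
                current = None
        elif rec in ("sub", "uat"):
            current = None  # signatures that follow are not on a user ID
        elif rec in ("sig", "rev") and current is not None and len(f) > 10:
            # Field 2 is "!" only when --check-sigs verified the signature;
            # plain --list-sigs leaves it empty, so nothing is trusted then.
            if f[4].upper() != ca_keyid.upper() or f[1] != "!":
                continue
            if rec == "sig" and f[10][:2] in CERT_CLASSES:
                certified.add(current)
            elif rec == "rev" and f[10][:2] == "30":
                revoked.add(current)  # simplification: any verified revocation wins
    return {uid: uid in certified and uid not in revoked for uid in seen}


if __name__ == "__main__":
    for uid, ok in uids_certified_by(SAMPLE, ROBOT_CA).items():
        print("certified  " if ok else "UNCERTIFIED", uid)
```

The second address stays uncertified because its CA signature failed verification, which is why the check reads the validity field instead of only looking for the signer's key ID.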