[ale] PGP / GPG key 0x450F89EC <pause at pause.perl.org>
Michael B. Trausch
mike at trausch.us
Wed Nov 30 12:09:35 EST 2011
On Wed, Nov 30, 2011 at 11:07:48AM -0500, Jim Kinney wrote:
>> I *will not* under any circumstances sign UIDs that I feel are
>> intentionally misleading. If Jim Kinney brings me a key with both
>> his UID and a UID with the name "Mike Warfield" on it, I will not
>> sign that key.
>
> dang. back to the evil genius drawing board. Total World Domination
> postponed until further notice.
>
> is this thing on?

Sure is. :)

For me, it'd depend on if the key is misleading or simply doesn't
match the owner's ID (and why). Mike Warfield mentioned corporate
keys, for example; if someone presented me with a corporate key, it
would not gain my signature unless:

* That person proved their identity to me.
* That person is allowed to enter into binding agreements on behalf
  of the corporation. That is, the person is the CEO (listed on the
  Secretary of State's web site as such) of the corporation or there
  is a corporate resolution enabling the person to enter into binding
  agreements on behalf of the corporation.
* Failing the previous point, a corporate resolution authorizing the
  person to generate, have possession of, and/or use the key.
* If a corporate resolution is used, it must be appropriately sealed
  and I'd withhold my signature on the key until I'd validated the
  resolution that was presented. (And they'd actually have to give
  me the resolution; the corporation should make multiple
  properly-sealed copies of it so that I would be allowed to retain
  one.)

In other words, I probably won't ever sign a corporate key. Maybe
that's why corporations use SSL over OpenPGP.

--- Mike