On 28/06, John H. Robinson, IV wrote: | http://people.debian.org/~jaqque/keysign.html | | it does have some weaknesses, but it is a lot stronger than the ``oh, | i've met you, i have checked your ID, and off we go'' | | comments welcome.
It has an enormous flaw: you do not sign a key, you sign an id. That means that checking for one e-mail address for being valid and signing all the ids is just bogus. You may use this protocol, but you have to repeat each for every email address you are going to sign.
