Fwd: PGP Signing

Fri Jul 18 12:19:20 UTC 2014

I follow the stuff regarding who to sign etc.

So, what's the best way to keep it all in check after I receive a
signature? Have them reupload it to a key server, preferably the main one -
I should then download this and reupload it to my website accordingly as it
will now contain a signature?

I presume a signature takes up little space else someone with many sigs
could find they have a massive key?

*This message, and any attachments to it, may contain information that is
privileged, confidential, copyrighted and exempt from disclosure under
applicable law. If the reader of this message is not the intended
recipient, you are notified that any use, dissemination, distribution,
copying, or communication of this message is strictly prohibited. If you
have received this message in error, please notify the sender immediately
by return email and delete the message and any attachments. *

On 18 July 2014 05:34, Michael Kesper <mkesper at fsfe.org> wrote:

> Hi Allan,
>
> Allan Irving <allanirving at allanirving.co.uk> schrieb:
> >Okay, so I've managed to set up PGP as per the documentation.
> >
> >My question is how does signing work and when someone signs my key,
> >does it
> >go like this:
> >
> >1. I send them my public key,
> >2. They sign it.
>
> Nobody should sign without checking your identity. People not knowing you
> will normally want to meet you in person.
>
> >3. They send me back the exported signed key, which now has their
> >signature.
>
> It's legitimate the other party uploads the key with their signature to a
> key server.
>
> Best wishes
> Michael
>
> --
> Diese Nachricht wurde mit Freier Software gesendet: http://fsfe.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20140718/a2c5c6b1/attachment.html>