[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Nom de guerre public key



> I've created a pseudonym and a PGP key pair for that pseudonym.  Now,
> how do I secure signatures for my public key, given the fact that (a)
> to sign it, you should be sure that it really belongs to me, and (b) I
> have no intention of revealing who "me" actually is?

A signature on your PGP public key is a personal guarantee from the
person who signed it that she has first-hand knowledge that the key's
userid accurately names the person who physically possesses the key
(i.e., the signature validates the binding between userid and person).
But you do not have a binding between your userid and your person,
because your userid is a pseudonym, and a pseudonym is a name not
bound to a person.

Unless you reveal your pseudonym to someone and identify yourself
according to the rules of the PGP Web of Trust, you should not be able
to get signatures on your PGP public key.
--
Fran Litterio                   [email protected] (617-498-3255)
CenterLine Software             http://draco.centerline.com:8080/~franl/
Cambridge, MA, USA 02138-1110   PGP public key id: 1270EA1D