Recently there was some discussion about when to sign somebody's public key and when not to. Does anybody have a short, to the point set of guidelines on when it is ok to sign? I think minimum requirements to sign would most likely be receiveing that key from the owner both on and off the net. That way somebody on the net who is doing man-in-the-middle type attacks is thwarted, as is somebody who gives you the key off the net with a false net-id. Anyway, I'm sure there's more to it than that, like are phone calls ok? I mean, how did you get the # anyway? And what about meeting the person in the flesh? How do you know they are the same person you talk to on the net? Thinking too much about this could make a person .realy. paranoid! ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner@indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" My opinions are shareware. To register your copy, send me 15$ in DigiCash. Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------