How many of you have taken the time out to get your keys signed by other people at a key signing party or similar?
did, do and will do in the future.
I've only got one signature on my keyring from a meeting with a "stranger", but I'm not sure that it has affected the way people view a signed mail from me.
You have to meet the right people and make them sign your key
... Yesterday I met Phil Zimmermann in person and handed him my calling card containing my fingerprint but I am not sure whether he has time to sign all the keys people ask him to sign. Anyway - he would not give me his card but asked me to get his key from his website ... so I guess real life might be different than the theory.
How much checking do you do of signed mail you receive from somebody?
Personally, I only sign keys non-locally if
- normal case (business contacts)
  - personally checked an official identity document and
  - I received the fingerprint in person or
- exceptional case (relatives, close friends)
  - I know that person very well for a long time and
  - received the fingerprint out of band (not by email but e.g. on the phone).
As the mail is signed do you tend to trust it more, or do you check the key for signatures and trust levels?
I do maintain trust levels according to my knowledge about the key owner's knowledge about key signing and his dedication to properly verify other people's identity before signing their key.
In private everyday conversation the calculated trust level doesn't really make a difference for me since I usually don't need that high trust level when receiving messages.
But when I have to send confidential documents electronically, I think that it is important to verify that a key really belongs to the recipient. And when receiving important messages or documents that I have to rely or react on, knowing exactly that they were signed by exactly that person (not a key that carries an ID of that person) does make a big difference for me.