My key is self-signed. Grr... I can't seem to sign it with my old key (from hal.com). My old key is a pgp 2.6.2 key, and my new key is pgp2.6.
If you are interested in signing my key, please let me know!
Key for user ID: Daniel W. Connolly <firstname.lastname@example.org> 1024-bit key, Key ID 27B7C2C9, created 1995/07/18 KeyID Trust Validity User ID * 27B7C2C9 ultimate complete Daniel W. Connolly <email@example.com> c ultimate Daniel W. Connolly <firstname.lastname@example.org> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjAMDLUAAAEEALeogdJq2wdJSomcrtx2PxrljvsYCIgvYG/4Nl1+oML2Gc2W ah5zuFutipG2QiKJb4Nls7QO8OfsVIR4ZrC2BjjxUYzvv5WyDoExLutlGQ32oTvK /PAEpSHNQzHuN87PmlvNANVZM349uojBgVsu03HNA9aIAj9WNMvvPXAnt8LJAAUR tCREYW5pZWwgVy4gQ29ubm9sbHkgPGNvbm5vbGx5QHczLm9yZz6JAJUCBRAwDA0D y+89cCe3wskBAXmSBACpIsFB1vzbm0+wsdPhAZERzIoZEJC1Xx9GTQGsI3IJts3Z n19nS2I4w6YtIZyWXae6iNVJ+EoxTW3RL1oniXQbzJERQQxblk9lgZ/0Puocksdy ViOAWNjiT2x/Zoyk8ii/GyugrssuymYcb+fSHfO3p2OtXjGIpLgsjjqJ1+M9Gw== =j+4q -----END PGP PUBLIC KEY BLOCK-----
As software distribution via the internet becomes less of an academic and research excercise and more of a way of a commercial technology, more folks who are unaware of the risk of viruses are going to be downloading stuff over the net.
Vendors, organizations, and even individuals should make it convenient for folks to verify their distributions by providing bytecounts, checksums, and even digital signatures, especially for "ready to run" and binary distributions, where looking over the source code isn't necessary, convenient, or even possible.
The cost of "cracking" public key cryptography is believed to be extremely high. So a lot of folks put a lot of credence in public key signatures. And the cost of a compromised signature is correspondingly high. The secret key corresponding to a public key must be dilligently guarded. And the public key shouldn't be trusted blindly.
The PGP documentation by Phil Zimmerman is an excellent guide to PGP and the issues surrounding it.