[rdfweb-dev] pgp signing

[Jim Ley]

"Dan Brickley" <danbri at w...>
> 1. in your foaf, mention your pubKeyAddress alongside other
> identifying details that ties in with the key.
> (I'd suggest we include the key fingerprint, though that isn't
necessary).

I don't want to do this, I don't want people to know my public key, they
might use it for something, the only reason I have a public key is for
signing RDF, I don't want _people_ to know my key, just the robots.

> 2. In your FOAF, say that the current doc has a dc:creator of (that
person);
> or if you write things around the other way, say that you foaf:made
your
> FOAF file. Either way, make an assertion in the signed RDF that says
> you wrote the RDF.

This is difficult, it means that I cannot say that a particular document
can be trusted unless I also created it, it seems reasonable for a tool
or my secretary to create a document, and me then sign it off as being
true by signing it (or US Chief Exec's signing of their accounts as they
now have to, do they also have to create them all when they publish in
RDF?).

I also don't see what's gained by having the information of the creator
of the doc in terms of how trusted the document is, the key identifies a
person, is that not sufficient?

Jim.