[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kmail and gpg

On Thu, 3 Oct 2002 15:17, Ben Burton wrote:
> > so you have to do
> > gpg --edit-key <email-address>
> > Command> sign
> > Command> trust
> > Command> save
>
> No!  You should only ever sign a key if you can be sure the key belongs to
> the person who claims to own it.  This generally means you have received
> the key (or its fingerprint) through a non-electronic medium - such as in
> person on a slip of paper - and you have verified the identify of its
> owner, such as by checking a drivers' license or passport.

I was under the impression that the original message was about your own key, 
which you should sign (keys that aren't self-signed are worthless).  
Presumably you don't need to look at your own drivers' license.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: