
Re: Kmail and gpg



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 03 October 2002 2:40 pm, Russell Coker wrote:
> On Thu, 3 Oct 2002 15:17, Ben Burton wrote:
> > > so you have to do
> > > gpg --edit-key <email-address>
> > > Command> sign
> > > Command> trust
> > > Command> save
> >
> > No!  You should only ever sign a key if you can be sure the key belongs
> > to the person who claims to own it.  This generally means you have
> > received the key (or its fingerprint) through a non-electronic medium -
> > such as in person on a slip of paper - and you have verified the identity
> > of its owner, such as by checking a drivers' license or passport.
>
> I was under the impression that the original message was about your own
> key, which you should sign (keys that aren't self-signed are worthless).
> Presumably you don't need to look at your own drivers' license.
>

GPG changed recently in that it stopped ultimately trusting any key for which 
you have a private key. This means you have to edit your key and trust 
yourself. I would be surprised if someone had managed to create a key which 
hadn't been self-signed.

However, that said, I was under the impression that the email bab followed up 
to was advocating signing keys willy nilly. Certainly how I read it.

- -- 
David Pashley
david@davidpashley.com
Nihil curo de ista tua stulta superstitione.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9nFEGYsCKa6wDNXYRAqS9AJ0Rtt8yB0DjOYcbDI9z15SKx3/KMACghKB3
K8jCX+bg0vpgVbh3wxU15X0=
=uFuM
-----END PGP SIGNATURE-----
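
An added example, not part of the original message: a check for the situation described above, where you hold the secret key but the key is not ultimately trusted. It assumes the colon-delimited listing format of `gpg --with-colons --list-keys` and `--list-secret-keys` (field 5 is the key ID, field 9 the ownertrust letter); the listings, key IDs and names below are constructed.

```python
"""Flag own keys (secret key present) whose ownertrust is not ultimate."""

# Constructed stand-ins for the output of
#   gpg --with-colons --list-keys   and   gpg --with-colons --list-secret-keys
# Key IDs, dates and names are made up.
PUBLIC_LISTING = """\
tru::1:1033650000:0:3:1:5
pub:-:1024:17:1111111111111111:1033600000:::-:::scESC:
uid:-::::1033600000::::Alice Example <alice@example.org>:
sub:-:1024:16:1111111111112222:1033600000::::::e:
pub:u:1024:17:3333333333333333:1033600000:::u:::scESC:
uid:u::::1033600000::::Alice Work <alice@work.example>:
pub:f:1024:17:5555555555555555:1033600000:::m:::scESC:
uid:f::::1033600000::::Bob Example <bob@example.org>:
"""
SECRET_LISTING = """\
sec:-:1024:17:1111111111111111:1033600000:::-:::scESC:
sec:u:1024:17:3333333333333333:1033600000:::u:::scESC:
"""

KEYID, OWNERTRUST = 4, 8  # zero-based: fields 5 and 9 of a pub/sec record


def primary_keys(listing, record_type):
    """Map key ID -> ownertrust letter for each record of the given type."""
    keys = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != record_type or len(fields) <= OWNERTRUST:
            continue
        # Only the first letter is defined; empty means not yet assigned.
        keys[fields[KEYID]] = fields[OWNERTRUST][:1] or "-"
    return keys


def own_keys_needing_trust(public_listing, secret_listing):
    """Key IDs we hold the secret key for that are not ultimately trusted."""
    trust = primary_keys(public_listing, "pub")
    mine = primary_keys(secret_listing, "sec")
    return sorted(k for k in mine if trust.get(k, "-") != "u")


if __name__ == "__main__":
    for keyid in own_keys_needing_trust(PUBLIC_LISTING, SECRET_LISTING):
        print(f"{keyid}: secret key present but ownertrust is not ultimate")
```

Keys it reports are the ones to fix with the `trust` command under `gpg --edit-key`; other people's keys (no `sec` record) are never reported, whatever their ownertrust.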


