Re: GPG and Signing
Brad Rogers writes:
> Yes, you've got the right key, and it *has* verified. However, since
> Andrei's key is not included in your web-of-trust, GPG gives the warning.
> A valid signature != a trusted signature.
Such signatures can serve a useful purpose, though. You may not have a
trust path to him but you can be fairly sure that all messages with that
signature came from the same person.
> If they have, I'd be suspicious, because nobody has ever contacted me to
> verify my ID.
"ID" is a slippery concept. What does it mean to "know who someone is"?