Re: ISO md5sum signing paranoia
Hi,
On Fri, Sep 30, 2005 at 10:08:19AM +0200, vitko wrote:
> Yes, that is the idea of signing the keys by CA. It seems gpg supports this:
No, the term "CA" is a concept from the X.509 world and is completely
alien to the web-of-trust model gpg uses. Do not mix the two models.
> <quote>
> gpg: WARNING: This key is not certified with a trusted signature!
> </quote>
>
> Does it mean that the key is certified, but I miss key of certificator; then
> I'd like to know where to get this certificate authority key;
There are no certificate authorities in the web-of-trust model. Anybody
who you already trust can sign the key.
> OR does it mean this key is not certified at all?
It means what it says: it is not signed by someone you already trust.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
Reply to: