Re: So I received a gpg-signed email, can I trust it?

To: debian-devel@lists.debian.org
Subject: Re: So I received a gpg-signed email, can I trust it?
From: Holger Levsen <holger@layer-acht.org>
Date: Fri, 8 Jul 2016 16:20:30 +0000
Message-id: <[🔎] 20160708162030.GA14342@layer-acht.org>
In-reply-to: <[🔎] 20160708125420.GA8885@enricozini.org>
References: <[🔎] 20160708092127.GA17962@enricozini.org> <[🔎] caceaee8-11d5-2bfa-852e-822083cac73b@debian.org> <[🔎] 20160708125420.GA8885@enricozini.org>

On Fri, Jul 08, 2016 at 02:54:20PM +0200, Enrico Zini wrote:
> What if you received a message signed with key 9F6C6333?
>
> That is, what do you do (please list the practical steps) to validate a
> signature that is a few steps away from your key in the WoT?

trust in the real world depends on more things than a signed message. I
have traveled to other continents based on unsigned text messages,
because I could trust the contents (via other means than validating
signatures.)

so whether I would trust stuff signed by 0x44BB1BA79F6C6333 also
depends on the content of the message…

-- 
cheers,
	Holger

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- So I received a gpg-signed email, can I trust it?
  - From: Enrico Zini <enrico@enricozini.org>
- Re: So I received a gpg-signed email, can I trust it?
  - From: Simon Richter <sjr@debian.org>
- Re: So I received a gpg-signed email, can I trust it?
  - From: Enrico Zini <enrico@enricozini.org>

Prev by Date: Re: Installer of Debian Stable allows to use btrfs for /, does it mean it's mature enough to use safely?
Next by Date: Re: Installer of Debian Stable allows to use btrfs for /, does it mean it's mature enough to use safely?
Previous by thread: Re: So I received a gpg-signed email, can I trust it?
Next by thread: Re: So I received a gpg-signed email, can I trust it?
Index(es):
- Date
- Thread