[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg implying potential tampering trouble...

On Tue, Dec 10, 2002 at 08:00:03PM -0800, alan brown wrote:
> gpg: Warning: This key is not certified with a trusted signature.
> gpg: There is no indication that the signature belongs to the owner.

You should probably read up on some of the concepts behind the "web of
trust".  The GNU Privacy Handbook
(http://www.gnupg.org/gph/en/manual.html) is a fairly good place to

Basically what gpg is telling you is that the signature is valid, but it
has no way of knowing that the signature belonged to the person to whom
you expected it to belong.  Anybody can generate a gpg key with somebody
else's name and address on it.  It's up to you to determine whether or
not it's the right key.  gpg allows you to assign trust values to keys
based on a model that is similar to the "6 degrees of separation" that
sociologists use.

Lots of documentation is available and it will probably do a better job
of descibing the concept than I.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpBTbrfe7hbf.pgp
Description: PGP signature

Reply to: