[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG and Signing

On Sun, 1 Apr 2007 09:35:19 -0400
Michael Pobega <pobega@gmail.com> wrote:

Hello Michael,

> gpg: Good signature from "Andrei Popescu <andreimpopescu@gmail.com>"
> gpg: WARNING: This key is not certified with a trusted signature!
> Looks like it should work to me; 70859BD9 is the same ID, no?

Yes, you've got the right key, and it *has* verified.  However, since
Andrei's key is not included in your web-of-trust, GPG gives the
warning.  A valid signature != a trusted signature.

You can edit the trust levels of people's keys, but until you can
ascertain that the key belongs to whoever claims ownership, you can't
be certain you've got the right person.  Look at
http://www.rubin.ch/pgp/weboftrust.en.html for an explanation of trust

AFAIAA, no-one has verified my PGP key as held by the key-servers.  If
they have, I'd be suspicious, because nobody has ever contacted me to
verify my ID.

 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"

Life goes quick and it goes without warning
Bombsite Boy - The Adverts

Attachment: signature.asc
Description: PGP signature

Reply to: