[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG and Signing

Brad Rogers writes:
> Yes, you've got the right key, and it *has* verified.  However, since
> Andrei's key is not included in your web-of-trust, GPG gives the warning.
> A valid signature != a trusted signature.

Such signatures can serve a useful purpose, though.  You may not have a
trust path to him but you can be fairly sure that all messages with that
signature came from the same person.

> If they have, I'd be suspicious, because nobody has ever contacted me to
> verify my ID.

"ID" is a slippery concept.  What does it mean to "know who someone is"?
-- 
John Hasler
Reply to: