Re: OT: More about GPG signing

[Camaleón <noelamac@gmail.com>]

On Thu, 10 May 2012 16:14:12 +0100, Tony van der Hoff wrote:

> So, this message was signed.
> 
> Having recently installed enigmail, to see what all the fuss is about in
> the other thread. I find I'm at a loss to understand how to interpret
> this.

(...)

> A093C263 gpg: Can't check signature: public key not found

(...)

> Am I expected to go to some keyserver to find the sender's public key?

It should be done automatically.

> How, 

By choosing a server from where to lookup the public keys.

> where, 

>From Enigmail configuration settings.

> why?

To validate the signature. Note that a validated signature is not a 
verified signature (user's signature can be "valid" but not "trusted").

> Maybe I've not set up Enigmail correctly?

Maybe.

Docs and FAQs can be found here:

http://enigmail.mozdev.org/home/index.php.html

> Alternatively, should I just ignore the signature, 

Yes, but then why is that you installed Enigmail, what's your purpose?

> in which case why is the sender polluting the list with useless crap?

The sender is not "polluting" the list, it's the recipient who has to 
know how to deal with signatures... should he/she wants.

Greetings,

-- 
Camaleón