<<< Date Index >>>     <<< Thread Index >>>

Re: i think my gpg is setup correctly..



hi!

what you put in your sig is your fingerprint. i didn't check your config but my 
gpg could check your key from within mutt without problems. you can never trust 
a key, if you don't know the person and got the key-id and the fingerprint 
personally by him or her on a sheet of paper, thus gpg correctly tells you, 
that 
it can't confirm the validity of a key. sometimes people even use expired keys 
- 
but the message you got on your screen should be different from that in the  
first case. finally, some people don't upload there key or you didn't configure 
gpg/mutt to download it, so the key can't be checked. that's what i know. *g*

in your muttrc you can set something like my_hdr X-PGP-Key: 
http://www.unet.univie.ac.at/~a0008351/pubkey.asc - that's what i use. i don't 
know why people do that - i just do it for fun (like with my other headers), 
but 
some consider that spam or too much trafic - so be careful. *smile*
maybe people think, that the validity of a key grows by putting it on as many 
places as possbile - which may have its justification. but that's open for 
flames. :-)
just as your key could be changed when your mail is cought on a server, your 
signature or haeder could be cought. being paranoic makes no sense here, i 
guess. on the other hand, using signatures encourages others to do so, too, and 
then you could communicate via encrypted mail - just as you would normally do 
when sending a letter to someone, but more secure. :-)

cheerio
/pablo

-- 
Pablo Hoertner                       | LONG LIVE THE RED PENGUIN AND THE
http://www.redtux.at.tf/contact.html | SOCIALIST WORKERS' WORLD REVOLUTION!

Attachment: signature.asc
Description: Digital signature