hi! what you put in your sig is your fingerprint. i didn't check your config but my gpg could check your key from within mutt without problems. you can never trust a key, if you don't know the person and got the key-id and the fingerprint personally by him or her on a sheet of paper, thus gpg correctly tells you, that it can't confirm the validity of a key. sometimes people even use expired keys - but the message you got on your screen should be different from that in the first case. finally, some people don't upload there key or you didn't configure gpg/mutt to download it, so the key can't be checked. that's what i know. *g* in your muttrc you can set something like my_hdr X-PGP-Key: http://www.unet.univie.ac.at/~a0008351/pubkey.asc - that's what i use. i don't know why people do that - i just do it for fun (like with my other headers), but some consider that spam or too much trafic - so be careful. *smile* maybe people think, that the validity of a key grows by putting it on as many places as possbile - which may have its justification. but that's open for flames. :-) just as your key could be changed when your mail is cought on a server, your signature or haeder could be cought. being paranoic makes no sense here, i guess. on the other hand, using signatures encourages others to do so, too, and then you could communicate via encrypted mail - just as you would normally do when sending a letter to someone, but more secure. :-) cheerio /pablo -- Pablo Hoertner | LONG LIVE THE RED PENGUIN AND THE http://www.redtux.at.tf/contact.html | SOCIALIST WORKERS' WORLD REVOLUTION!
Attachment:
signature.asc
Description: Digital signature