Re: i think my gpg is setup correctly..
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Oct 21, 2003 at 11:33:16AM +0200, Pablo Hoertner wrote:
> hi!
>
> what you put in your sig is your fingerprint. i didn't check your config but
> my
> gpg could check your key from within mutt without problems. you can never
> trust
> a key, if you don't know the person and got the key-id and the fingerprint
> personally by him or her on a sheet of paper, thus gpg correctly tells you,
> that
> it can't confirm the validity of a key.
Actually, this is only half-true. Even though we've never met, you can
know that this message was sent by the same person who sent all the
other messages signed with my key. However, you have no evidence who
that person actually is. If we met in real life and I gave you my
public key, you could be fairly sure that the person sending you
messages was the person you met.
> sometimes people even use expired
> keys -
> but the message you got on your screen should be different from that in the
> first case.
In case this is referring to me, I lazily changed the expiry date on my public
key instead of creating a new one a while ago. Downloading it again
will confirm that, but it's a mistake I'm starting to regret :)
> finally, some people don't upload there key or you didn't
> configure
> gpg/mutt to download it, so the key can't be checked. that's what i know. *g*
> in your muttrc you can set something like my_hdr X-PGP-Key:
> http://www.unet.univie.ac.at/~a0008351/pubkey.asc - that's what i use. i
> don't
> know why people do that - i just do it for fun (like with my other headers),
> but
> some consider that spam or too much trafic - so be careful. *smile*
> maybe people think, that the validity of a key grows by putting it on as many
> places as possbile - which may have its justification. but that's open for
> flames. :-)
Also, it seems that not all keyservers get all keys. Now and then
someone tells me that they can't get my key. Putting it on my website
would be a nice alternative for those people.
A couple of other issues...
As you can see, I use the really old, nonstandard signing method on
mailing lists. It *is* horrible, but it's the only method that doesn't
make Outlook Express throw a fit. I realise there won't be that many OE
users reading this, but I've seen them on general Linux lists, so better
safe than sorry.
Finally, does anyone know how to insert newlines into the GPG signing
comment in the options file?
- Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: The following is method of proving my identity. For more information,
see http://www.gnupg.org. E-mail {andrew-go-away at ccl.bham.ac.uk} if you
don't want this.
iD8DBQE/lUQUUjUCivGf+MsRAnUJAJ9gGJNoCT7tcHtPOWlIrSvp+X9akgCgoljh
tFmgnuxPCqrrkbbLIJEBDxY=
=gWZe
-----END PGP SIGNATURE-----