On Tue, Nov 04, 2003 at 11:06:41PM +0100, Aron Stansvik wrote: > > That looks about right. You may wanna just DL the getkeys script > > (that I got a while ago from somebody else on this list) from me [1]. > > It allows you to search multiple keyservers. > > Ok, great, where can I find this script? [1] <-- Was that supposed to > reference a side note, I can't find any :( Well, yeah ... I kinda discovered that while reading my post over. . . > > > Verification of your signature fails on my setup, > > > > as indeed it should, since I've never posted my key to a keyserver, > > and nobody else has posted my key to a major keyserver > > Ok, now I downloaded and imported your key into my keyring, and the the > signature was Good, but gpg warns me this key is not certified with a > trusted signature. In other words, nobody else has signed my key, so you have no reason to believe that I'm whom I claim to be. > Sorry if my questions are stupid, but I'm new to PGP; > how can I certify your key with a trusted signature, If your question pertains to "can," you _can_ just sign my key yourself, and the warning will go away. > or is this > something that you should do? Certifying my own key is rather useless: it's basically saying that I certify that I'm myself. If I weren't prepared to certify that I'm myself, why would I claim to be myself in the first place? ;-P > Should this not be done unless we meet > personally or verify something over a secure phone line? If your question pertains to "should," then the answer is what you have above, plus the possibility that if you can find somebody else you trust to tell you this kind of stuff and who's willing to certify that I'm myself, then you don't have to directly verify that I'm myself. That's called the web of trust. - Dave -- Uncle Cosmo, why do they call this a word processor? It's simple, Skyler. You've seen what food processors do to food, right? Please visit this link: http://rotter.net/israel
Attachment:
pgpHMjkWdFfqW.pgp
Description: PGP signature