
Re: about pgp-signed messages



On Tue, Nov 04, 2003 at 05:53:19PM -0500, David Yitzchak Cohen wrote:
> On Tue, Nov 04, 2003 at 11:06:41PM +0100, Aron Stansvik wrote:
> 
> > > That looks about right.  You may wanna just DL the getkeys script
> > > (that I got a while ago from somebody else on this list) from me [1].
> > > It allows you to search multiple keyservers.
> > 
> > Ok, great, where can I find this script? [1] <-- Was that supposed to
> > reference a side note, I can't find any :(
> 
> Well, yeah ... I kinda discovered that while reading my post over. . .
> 
> > > > Verification of your signature fails on my setup,
> > > 
> > > as indeed it should, since I've never posted my key to a keyserver,
> > > and nobody else has posted my key to a major keyserver
> > 
> > > Ok, now I downloaded and imported your key into my keyring, and the
> > signature was Good, but gpg warns me this key is not certified with a
> > trusted signature.
> 
> In other words, nobody else has signed my key, so you have no reason to
> believe that I'm whom I claim to be.

Okay.

> > Sorry if my questions are stupid, but I'm new to PGP;
> > how can I certify your key with a trusted signature,
> 
> If your question pertains to "can," you _can_ just sign my key yourself,
> and the warning will go away.

I sense that you don't recommend me to sign your key just like that? Am
I right?

> > or is this
> > something that you should do?
> 
> Certifying my own key is rather useless: it's basically saying that
> I certify that I'm myself.  If I weren't prepared to certify that I'm
> myself, why would I claim to be myself in the first place? ;-P

Ok, I see logic.

> > Should this not be done unless we meet
> > personally or verify something over a secure phone line?
> 
> If your question pertains to "should," then the answer is what you
> have above, plus the possibility that if you can find somebody else you
> trust to tell you this kind of stuff and who's willing to certify that
> I'm myself, then you don't have to directly verify that I'm myself.
> That's called the web of trust.

Ok, hm, then it seems I have no web of trust to make me trust you are
who you say you are, but thanks for your help.. whoever you are :)

Best regards,
Aron Stansvik

--
unemployed

Attachment: pgpypZDNRLejE.pgp
Description: PGP signature
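
The "not certified with a trusted signature" warning and the web of trust discussed in this thread, as an added example that is not part of the original messages: a simplified model of how GnuPG's classic trust model decides whether an imported key counts as valid. It assumes GnuPG's defaults (one fully trusted or three marginally trusted certifiers, certification depth 5) and ignores expiry, revocation and trust signatures; the keyrings and the name "carol" are constructed.

```python
# Simplified model of key validity in GnuPG's classic trust model.
# Assumed defaults: --completes-needed 1, --marginals-needed 3, --max-cert-depth 5.
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5

def valid_keys(me, signatures, ownertrust):
    """Return {key: depth} for every key considered valid from `me`.

    signatures: {signed_key: set of keys that certified it}
    ownertrust: {key: "full" | "marginal"}, how far `me` trusts that key's
                owner to certify other people's keys (unset means not at all)
    """
    valid = {me: 0}  # the user's own key is ultimately trusted
    for depth in range(1, MAX_DEPTH + 1):
        newly = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            full = marginal = 0
            for s in signers:
                if s not in valid:
                    continue  # a certification by a non-valid key counts for nothing
                if s == me or ownertrust.get(s) == "full":
                    full += 1
                elif ownertrust.get(s) == "marginal":
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

if __name__ == "__main__":
    # Constructed keyrings mirroring the cases raised in the thread.
    cases = {
        "imported, nobody has signed it": ({"david": set()}, {}),
        "aron signs david's key himself": ({"david": {"aron"}}, {}),
        "carol signed it, aron trusts carol fully":
            ({"carol": {"aron"}, "david": {"carol"}}, {"carol": "full"}),
        "carol signed it, no ownertrust set for carol":
            ({"carol": {"aron"}, "david": {"carol"}}, {}),
    }
    for label, (sigs, trust) in cases.items():
        ok = "david" in valid_keys("aron", sigs, trust)
        print(f"{label}: {'valid' if ok else 'good signature, but untrusted key'}")
```
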