Questions regarding "Web of Trust"
Ingo Klöcker
ingo.kloecker@epost.de
Sun Nov 3 18:32:03 2002
--Boundary-02=_yrVx9DCEqodJZCu
Content-Type: text/plain;
charset="iso-8859-7"
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline
On Friday 01 November 2002 06:48, Alexandros Papadopoulos wrote:
> On Friday 01 November 2002 00:24, Lionel Elie Mamane wrote:
> > If it does so, it is broken. It makes sense to accept only _valid_
> > keys (or have a big fat warning and user confirmation for invalid
> > keys), but not to ask owner trust for encrypting to a key.
>
> That's the only thing KMail asks from the user, making a minimal
> check (say, a fingerprint), and then signing the key localy. You do
> not have to place any explicit trust on the key you want to encrypt
> with. You just sign it and mark it as non-exportable (--lsign), and
> KMail is fine with that.
But please note that this is only mentioned as workaround for encrypting
messages with keys where you can't check the identity of the person
mentioned in the user id of the key yourself.
Regards,
Ingo
--Boundary-02=_yrVx9DCEqodJZCu
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA9xVryGnR+RTDgudgRAitgAKDKIJcd2gErDWHKF4VhiRJExuWkrACfREEV
vw3W1smxwRdi7agabPV0f+Y=
=LS1t
-----END PGP SIGNATURE-----
--Boundary-02=_yrVx9DCEqodJZCu--