Verifying signatures via WWW interface

[Dmitri]

--=-gZHvrlblTtvpVcErg0oN
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2002-05-13 at 14:22, Toxik - Fabian Rodriguez wrote:

> I'd like to know if it's logical to offer to people to verify signatures =
of
> short texts via a web interface.

As long as you don't mind sending your plaintext over the network, and
telling anyone who cares to sniff the traffic what messages and who
receives, and from who, and when...

> I thought having public keys of the signers on a local keyring would be
> enough but GPG sends these warnings after displaying date and author
> information:
>=20
>   Could not find a valid trust path to the key.  Let's see whether we
>   can assign some missing owner trust values.
>=20
>   No path leading to one of our keys found.
>=20
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:          There is no indication that the signature belongs to the
> owner.

You need to sign the public key of that other person. It will tell GnuPG
that you believe that the key belongs to that person. You should find
more detailed explanations in many places, such as www.gnupg.org ...

Dmitri


--=-gZHvrlblTtvpVcErg0oN
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA84DM9XksyLpO6T4IRAmonAJ4vxm2ezpDKvIxCoQWIbMHdM/gvvgCeIy/K
Wy9CSIJMcJaEZIWAGLcvOqs=
=geGL
-----END PGP SIGNATURE-----

--=-gZHvrlblTtvpVcErg0oN--