valid sig, invlalid key?

David Turley dturley@pobox.com
Wed, 23 Aug 2000 20:21:31 -0400 (EDT)


Wow! In less than 30 minutes I receive multiple answers and get the guy off
my back!

Thank you all.

On 24-Aug-2000 Frank Tobin wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Turley, at 19:47 -0400 on Wed, 23 Aug 2000, wrote:
>
>> *** PGP Signature Status: good
>> *** Signer: My Company <me@mycompany.com> (Invalid)
>> *** Signed: 8/23/2000 10:39:46 AM
>> *** Verified: 8/23/2000 4:20:59 PM
>> *** BEGIN PGP VERIFIED MESSAGE ***
>>
>> The message verifies as good, but what's the (Invalid) message?
>
> While I personally haven't used PGP in years, "Invalid" is likely PGP's
> terminology for something being "not validated"; that is, the receiving
> end has not validated through the Web Of Trust that the key actually
> belongs to "My Company".
>
> Personally, I really don't like term "invalid" in these scenarios, because
> "invalid" is not really the inverse of "valid"; "invalid" positively
> reflects something being corrupted, while "valid" positively reflects
> authenticity. The situation is more in the middle; "unknown validity".
>
> - --
> Frank Tobin http://www.uiuc.edu/~ftobin/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.2 (FreeBSD)
> Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
>
> iEYEARECAAYFAjmkaAoACgkQVv/RCiYMT6MiBACeKxXouAwT9XUh8+CZYpiaolGZ
> Ef8An3MTxY5fQbCvV0xwsHrXCWDDp154
> =N5Vo
> -----END PGP SIGNATURE-----
-- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org