valid sig, invlalid key?
L. Sassaman
rabbi@quickie.net
Mon, 28 Aug 2000 21:34:05 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
GnuPG "gripes" about this as well, as it should. If you haven't verified
that the key belongs to the owner, what does it matter if the signature is
good?
This is the correct behavior.
On Mon, 28 Aug 2000, John Bacalle wrote:
> On Wed, Aug 23, 2000 at 05:06:36PM -0700, L. Sassaman wrote:
> -snip PGP gripes about unknown validity of signator's key, \
> but, GnuPG does not-
>
> > That means that the key that produced the signature is not known to be
> > valid. In otherwords, it isn't signed be a trusted key.
>
> GnuPG not griping this way is not bad policy, I gather. PGP's action
> here is considered hand-holding and a bit annoying, yes?
>
> John
>
> --
> John Bacalle
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
>
__
L. Sassaman
Security Architect | "We all want many things,
Technology Consultant | but some of those are bottomly
| destructive of all desires."
http://sion.quickie.net | --Vernor Vinge
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5qz1FPYrxsgmsCmoRAo+vAJ9XVa9n+85CguUHtlmNeusdsH6ZEwCfYmRU
JlcMxi6cKPu2thrdalTea+U=
=ZIMB
-----END PGP SIGNATURE-----
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org