valid sig, invlalid key?
Mon, 28 Aug 2000 21:34:05 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
GnuPG "gripes" about this as well, as it should. If you haven't verified
that the key belongs to the owner, what does it matter if the signature is
This is the correct behavior.
On Mon, 28 Aug 2000, John Bacalle wrote:
> On Wed, Aug 23, 2000 at 05:06:36PM -0700, L. Sassaman wrote:
> -snip PGP gripes about unknown validity of signator's key, \
> but, GnuPG does not-
> > That means that the key that produced the signature is not known to be
> > valid. In otherwords, it isn't signed be a trusted key.
> GnuPG not griping this way is not bad policy, I gather. PGP's action
> here is considered hand-holding and a bit annoying, yes?
> John Bacalle
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to email@example.com
Security Architect | "We all want many things,
Technology Consultant | but some of those are bottomly
| destructive of all desires."
http://sion.quickie.net | --Vernor Vinge
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
-----END PGP SIGNATURE-----
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org