Janusz A. Urbanowicz
Wed Jul 18 22:59:02 2001

Allie Martin wrote/napisał[a]/schrieb:

> signatures associated. Also, there's no way of verifying a clearsigned
> message without importing the public key of the sender. There are many
> times I wish to verify a message from someone whom I don't frequently
> receive messages. It may be the only message that I receive from the
> particular sender. To verify the signature I have to first import the key
> and then verify the signature. This is a recipe for a very cluttered local
> public keyring.

You can't verify the signature, regardless of whether it is clearsigned or not, without having the sender's public key, because of the way public key crypto works. Check the math, it is not that complicated. And verifying a signature without importing the key (if it were possible by specifying a separate key) is an incredibly stupid thing, because without importing it you can't make the trust calculation, which defeats the purpose of the web of trust. See for example Schneier's Applied Crypto definition of how it works.
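
Added example, not part of the original message: a toy textbook-RSA sketch of the two points in the reply above, namely that the verification equation needs the signer's public key, and that a signature which verifies under an uncertified key proves nothing about who signed. The key names, the `trusted` flag (a hypothetical stand-in for the web-of-trust calculation) and the sample message are all constructed for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes (demo only, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def digest(message, n):
    # Hash reduced mod n so it fits the toy modulus; real schemes pad instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, priv):
    return pow(digest(message, priv["n"]), priv["d"], priv["n"])

def verify(message, sig, pub):
    # The check is sig^e mod n == H(m): both e and n come from the public key.
    return pow(sig, pub["e"], pub["n"]) == digest(message, pub["n"])

def check(message, sig, key_id, keyring):
    """Verify against a keyring and report key trust alongside the result."""
    entry = keyring.get(key_id)
    if entry is None:
        return "cannot verify: no public key"
    if not verify(message, sig, entry["pub"]):
        return "BAD signature"
    return "good signature, " + ("trusted key" if entry["trusted"] else "UNTRUSTED key")

# Constructed demo keys built from Mersenne primes.
GENUINE_PUB, GENUINE_PRIV = make_key(2**61 - 1, 2**89 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_key(2**107 - 1, 2**127 - 1)
KEYRING = {
    "genuine": {"pub": GENUINE_PUB, "trusted": True},     # certified by the user
    "impostor": {"pub": IMPOSTOR_PUB, "trusted": False},  # obtained but uncertified
}
MSG = b"constructed sample message"

def demo():
    good = sign(MSG, GENUINE_PRIV)
    fake = sign(MSG, IMPOSTOR_PRIV)
    return [
        check(MSG, good, "genuine", {}),           # empty keyring
        check(MSG, good, "genuine", KEYRING),
        check(MSG + b"!", good, "genuine", KEYRING),
        check(MSG, fake, "impostor", KEYRING),     # math passes, trust does not
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```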