Questions regarding "Web of Trust"

Alexandros Papadopoulos apapadop@cmu.edu
Fri Nov 1 06:48:03 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 01 November 2002 00:24, Lionel Elie Mamane wrote:
> On Thu, Oct 31, 2002 at 03:06:40PM +0100, Armin Herbert wrote:
<snip>
> > Because I had problems with KMail (either it's only accepting
> > ultimately trusted keys for encrypting mail or it also wants a high
> > owner trust value to do so, I'm not quite sure yet)
>
> If it does so, it is broken. It makes sense to accept only _valid_
> keys (or have a big fat warning and user confirmation for invalid
> keys), but not to ask owner trust for encrypting to a key.

That's the only thing KMail asks from the user, making a minimal check=20
(say, a fingerprint), and then signing the key localy. You do not have=20
to place any explicit trust on the key you want to encrypt with. You=20
just sign it and mark it as non-exportable (--lsign), and KMail is fine=20
with that.

- -A
- --=20
http://andrew.cmu.edu/~apapadop/pub_key.asc
3DAD 8435 DB52 F17B 640F  D78C 8260 0CC1 0B75 8265
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9whWpgmAMwQt1gmURAlP6AJ9/230yFL30AEhmh9Z6G70I59dm2ACfa05W
vVbn0auIZgOXQBXo5YzE3lc=3D
=3DIeJY
-----END PGP SIGNATURE-----