Web-of-trust

Shawn K. Quinn skquinn@speakeasy.net
Sat Nov 2 01:04:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday November 1 2002 17:30, David F. Newman wrote:
> Hi there,
> I'm still trying to wrap my brain around this web-of-trust
> concept.  I verify the validity of another user's public
> key and I sign it?  So now I am saying that I trust this
> person because their key is signed with my secret key.

No, you are certifying this key belongs to the userid on it; signatures
say nothing about how much you trust the person the key belongs to,
only that the key belongs to that person.

> How do I send the signature back to the user?  I don't
> see a way to export the signature.  Do I export the public
> key and email it back and my signature gets merged
> back into their key ring?

Yes, the signatures are considered part of the key when exporting.

> And what about keyservers? Does re-adding a public key with additional
> signatures update the entry in the keyserver?

Yes.

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9wxX+QVXDBVmaIp0RAgj1AJ9yQqC6xuT0R0iJjRAC6dZsTgC69ACfQ3vw
VcqBIiQcYwFKWR+GaT0iEJk=
=WahX
-----END PGP SIGNATURE-----
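
Both "yes" answers above follow from how OpenPGP (RFC 4880) lays out a key: a certification is a signature packet (tag 2) stored after the user ID it certifies, so an exported key carries it along and importing a copy with extra signatures merges them in. The sketch below is an added illustration, not part of the original message and not GnuPG's code; the packet bodies are constructed placeholders, the names are hypothetical, and no signature is verified.

```python
def packets(data):
    """Yield (tag, body) per packet of a binary (non-armored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if (hdr & 0xC0) == 0xC0:                    # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            else:
                raise ValueError("5-octet and partial lengths not handled")
        elif (hdr & 0x80) and (hdr & 0x03) != 3:    # old format, definite length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            length = int.from_bytes(data[i:i + n], "big"); i += n
        else:
            raise ValueError("invalid or unsupported packet header")
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]; i += length

def components(data):
    """[((tag, body), [signatures])]; a signature (tag 2) attaches to what it follows."""
    out = []
    for tag, body in packets(data):
        if tag == 2 and out:
            out[-1][1].append(body)
        else:
            out.append(((tag, body), []))
    return out

def merge(existing, incoming):
    """Add signatures `existing` lacks; a real keyring or keyserver does more checks."""
    merged, new = components(existing), components(incoming)
    if merged[0][0] != new[0][0]:
        raise ValueError("different primary keys")
    index = dict(merged)                            # shares the signature lists
    for comp, sigs in new:
        if comp not in index:
            merged.append((comp, index.setdefault(comp, [])))
        index[comp].extend(s for s in sigs if s not in index[comp])
    return merged

def pkt(tag, body):   # constructed sample packet: old-format header, 1-octet length
    return bytes([0x80 | tag << 2, len(body)]) + body

KEY, UID = pkt(6, b"<key material>"), pkt(13, b"Alice <alice@example.org>")
SELF, CERT = pkt(2, b"<self-signature>"), pkt(2, b"<certification by signer>")
ON_SERVER, FROM_SIGNER = KEY + UID + SELF, KEY + UID + SELF + CERT
```

`merge(ON_SERVER, FROM_SIGNER)` returns the key with both signatures under the user ID, and merging the same copy again changes nothing.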