Questions regarding "Web of Trust"
Sun Nov 3 18:32:03 2002
Content-Description: signed data
On Friday 01 November 2002 06:48, Alexandros Papadopoulos wrote:
> On Friday 01 November 2002 00:24, Lionel Elie Mamane wrote:
> > If it does so, it is broken. It makes sense to accept only _valid_
> > keys (or have a big fat warning and user confirmation for invalid
> > keys), but not to ask owner trust for encrypting to a key.
> That's the only thing KMail asks from the user, making a minimal
> check (say, a fingerprint), and then signing the key localy. You do
> not have to place any explicit trust on the key you want to encrypt
> with. You just sign it and mark it as non-exportable (--lsign), and
> KMail is fine with that.
But please note that this is only mentioned as workaround for encrypting
messages with keys where you can't check the identity of the person
mentioned in the user id of the key yourself.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----