Sun Mar 2 13:44:01 2003
At 21:37 2003-03-02 +1100, Peter Lavender wrote:
>As I currently understand it, the idea is to get my own key signed by
>others. Once my key is signed by someone else, they export it
They may export the signed key to a keyserver and anyone updating the key
from the keyserver will learn about the new signatures. You may download
your own key with the new signatures from the keyserver as welll.
>send it back to me, at which point I import it.
And you should send your key to a keyserver to let everybody know about the
>Now their signature
>is included when I sign emails.
NO, their signature is not included when you sign. It's added to the public
key and is always visible, weather you sign something or not.
>This how the WoT works isn't it?
>It seems to make sence to me, otherwise if my key is signed and never
>sent to me, how will anyone else who recieves a signed email from me
>know who else trusts my signature?
The receiver sets a trust according to first hand knowledge about your key
or according to signatures from others he trusts. If the receiver hasn't
put any trust into your key he will get a message like "there is nothing
that implies that the key belongs to the owner".