Use of public key servers

Dennis Lambe Jr. malsyned at cif.rochester.edu
Tue Apr 13 03:56:10 CEST 2004


On Thu, 2004-04-08 at 22:04, Russell Valentine wrote:
> 1) You can't prove a key from the public key server is really that
> person's public key, you still have to validate it some way. So you can
> get the key personally from that person in some way and at that time
> validate the key. Instead of using the key even though it might not be his.

This isn't always true.

If someone signs your key, what they're doing is asserting "This key
belongs to the person named in the ID."  From then on, as long as
someone trusts one of your key's signers, they can trust your key that
they downloaded from the public server.

At some point, someone will have to have used an out-of-band method to
verify someone else's key, but that person doesn't have to be you or I,
just someone one of us knows and trusts, or someone that someone one of
us trusts trusts, or...

--D
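
The signature chain described in the message above can be modelled as a graph search from your own key. This is an added example, not part of the original message and not GnuPG's code; the key names, the certification table and the hop limit are constructed, and it assumes a single signature from a trusted signer is enough.

```python
from collections import deque

# Constructed sample data: signer -> keys that signer has certified.
# Every name here is hypothetical.
CERTIFICATIONS = {
    "me": {"alice"},            # verified out of band by me
    "alice": {"bob"},           # verified out of band by alice
    "bob": {"carol"},           # verified out of band by bob
    "mallory": {"fake-carol"},  # uploaded to the keyserver, signed by a stranger
}

# Owners I trust to check identities before they sign a key.
TRUSTED_INTRODUCERS = {"me", "alice", "bob"}


def valid_keys(certs, introducers, root="me", max_depth=5):
    """Return {key: signature chain} for every key that can be validated
    from `root` through signatures made by trusted introducers.

    max_depth is the largest number of signature hops accepted
    (a parameter of this sketch).
    """
    chains = {root: [root]}
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        # A signature counts only if the signer's own key is already valid
        # (it is in `chains`) and its owner is a trusted introducer.
        if signer not in introducers:
            continue
        # Stop extending chains that already use the allowed number of hops.
        if len(chains[signer]) > max_depth:
            continue
        for key in sorted(certs.get(signer, ())):
            if key not in chains:
                chains[key] = chains[signer] + [key]
                queue.append(key)
    return chains


if __name__ == "__main__":
    for key, chain in valid_keys(CERTIFICATIONS, TRUSTED_INTRODUCERS).items():
        print(f"{key}: {' -> '.join(chain)}")
```

A key fetched from a public server that has no chain back to a trusted signer, like "fake-carol" here, stays unvalidated no matter who uploaded it.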