signing a robot's key - was: Re: Global Directory signatures

Atom 'Smasher' atom at suspicious.org
Thu Dec 30 22:12:45 CET 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 30 Dec 2004, David Shaw wrote:

> Both GnuPG and PGP do more or less the same thing here.  You can import 
> keys freely, but such keys will remain invalid until there is a valid 
> trust path to the key.  Invalid keys are usable, but you get some 
> variation of the "are you sure?" message before you can use the key.
====================

i don't recall PGP(tm) having the option of "are you sure" for an unsigned 
key, but i didn't spend much time with it. i was left with the impression 
that the key couldn't be used unless it had a signature.


> If there is no valid trust path to the key, and you want to make it 
> valid (say, if you want to trust signatures issued by it, as in the case 
> of the GD key), then you need to sign or locally sign the key yourself. 
> PGP's "Sign" command actually defaults to local signing. You need to 
> make an explicit action (check a check box) to make it a regular 
> exportable signature.  Note that I'm speaking about PGP 8 here, though I 
> seem to recall that PGP 7 was the same.
=====================

one can also use edit-key and assign ultimate trust to a key, which will 
make it trusted without a signature.


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Think of the press as a great keyboard on which the
 	 government can play."
 		-- Joseph Goebbels, Nazi Propaganda Minister.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJB1G9TAAoJEAx/d+cTpVcijSoIAJL+DpUKfgvY81eX+CaD/vu6
JhSW23Oa6zp3YKmO6WKnKuAEEJphrsOa38A00Jds66mXvofzFDymHR11GvCFimMW
vG0+4TLtv7Kr/yCPXob+7X+K8V6BvSl0HcoSojJKCqLP5f1oULCDhBKh3+/wnnEM
ndeJqW2tCvX79bu2zhPKgxP4v/eeumPAZjFcq7yg1J1455MqSXCKb9eDHyMw80Ea
6dgqw6N02R3SXVLwte/Oy645v8XgHv4eNxwlY/jaOQV50U1r/an4pEZvpqu2KT94
iUnLMyFKHXiqQQlbdkEedCy2DOvX+/oDu4+vITkgFqlBB+Hr79V7qL5a7h29BuQ=
=/O5Q
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list