How trust works in gpg...
Faramir
faramir.cl at gmail.com
Mon May 5 12:46:40 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> David Shaw escribió:
> .....
> If someone wants to sign your key, you then end up with:
>
> KEY + UID + SELFSIG + SIG
>
> So SELFSIG is you saying "I bind this KEY and UID together", and SIG
> is the other person saying "Me too".
>
> If you add another UID at this point, you have:
>
> KEY + UID + SELFSIG + SIG + UID + SELFSIG
>
> Now, note that the other person hasn't made any statement about
> whether the second UID is valid. YOU have, but then, it's your key:
> you can make any statement you like. It only becomes believable when
> someone else adds their "me too".
>
I was reading again this message, and I'd like to know: is there any
point about signing a key _but not giving any trusted status_ ?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJIHuWQAAoJEIISGkVDGUEOCIoIAJBWdfUWui/BFeXxt0yizeV1
Osz/O/JonZigQnX4vUkoeroPev4YSE59hIqam13ZQ71tpFFqdo+8mJnbF+hhQBq9
9Im6Cuk1TDiXE9mU9xwJ9klW7Ps0sidOk/cfbX2pE91SL/AJpZjZCgjJ6suxjttv
93YnohGtwUp92ScCWAmn4x/kf1yjOb2hGzK1oi52nMyQGFLg5wCjsIafEcO33zKI
eD90jIcjcuZEWKleIHW9sMc778HrZ3tnVJEhnFoTKr5KHSuxZ5YoPwAJH2Y4lzbA
sDYp52aVN57H/7l/22M6fLj2/CZVkS05gn7ToH4mR0DuJ4PeI5uukc/wnZr19mg=
=Yr4Q
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list