Troubleshooting signatures
Robert J. Hansen
rjh at sixdemonbag.org
Sat Apr 25 16:50:53 CEST 2009
allen.schultz at gmail.com wrote:
> First. Does the trust warning screw up FireGPG's signature validity or
> am I missing something else? Second, is this the normal reaction from
> GnuPG v1.4.9?
Can't answer re: FireGPG. However, this is _a_ normal reaction, but not
_the_ normal reaction.
If you got a signature that purported to be from obama at whitehouse.gov,
and it was signed with a key that purported to be from
obama at whitehouse.gov, would you actually believe it was from President
Obama? Or would you say, "wait a minute, /anyone/ can pretend to be
/anyone/ on the internet, I need some confirmation before I'll actually
believe the President is sending me an email"?
That's what GnuPG is warning you about. There is no evidence the key
really belongs to the person it claims to whom it claims to belong.
Maybe it does, maybe it doesn't, there's no evidence either way.
More information about the Gnupg-users
mailing list