Mike Acker Mike_Acker at
Sun Mar 20 22:29:03 CET 2011

On 03/20/2011 17:19, Jonathan Ely wrote:
> It can be complicated; it is for me since I am still new to this. I only
> ‘trust fully’ those keys who come from people who I think would not fake
> identity, or have no reason not to be trusted fully. Is it unwise to
> trust anybody's key fully even if you are confident they would never
> ‘spoof’ another's key? I never even thought of doing what you did; I
> just leave everything as ‘untrusted good signature’ unless if it is
> somebody with whom I am familiar.
thanks for the note!! have you tried to download my signature from the
server? it should work.... it ought to work...

i agree with you on the trust matter. it's fun to experiment though--
and-- it's how we learn!!

all i did was to simply delete your key from my keyring -- using the
excellent pgp/key manager that is built into THUNDERBIRD. following that
you go back to your original no key found condition and i can try
another test

but you are completely right: you have NO REASON to trust MY key --
unless somone YOU trust to VERIFY keys signs my key for you. this is
what a Certificate Authority is supposed to do but to this date I remain
concerned that most of the CA certificates in our browsers are just
loaded there by someone-- i have no clue why i would think they are valid.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110320/7638f7dd/attachment.pgp>

More information about the Gnupg-users mailing list