Grant Olson kgo at
Sun Mar 20 22:39:41 CET 2011

On 03/20/2011 05:29 PM, Mike Acker wrote:
> On 03/20/2011 17:19, Jonathan Ely wrote:
>> It can be complicated; it is for me since I am still new to this. I only
>> ‘trust fully’ those keys who come from people who I think would not fake
>> identity, or have no reason not to be trusted fully. Is it unwise to
>> trust anybody's key fully even if you are confident they would never
>> ‘spoof’ another's key? I never even thought of doing what you did; I
>> just leave everything as ‘untrusted good signature’ unless if it is
>> somebody with whom I am familiar.
> thanks for the note!! have you tried to download my signature from the
> server? it should work.... it ought to work...
> i agree with you on the trust matter. it's fun to experiment though--
> and-- it's how we learn!!
> all i did was to simply delete your key from my keyring -- using the
> excellent pgp/key manager that is built into THUNDERBIRD. following that
> you go back to your original no key found condition and i can try
> another test
> but you are completely right: you have NO REASON to trust MY key --
> unless somone YOU trust to VERIFY keys signs my key for you. this is
> what a Certificate Authority is supposed to do but to this date I remain
> concerned that most of the CA certificates in our browsers are just
> loaded there by someone-- i have no clue why i would think they are valid.
> thoughts?

Hate to complain, but I'm only seeing one side of this conversation on
the mailing list.  I originally thought Mike posted the first message
accidentally.  Please keep it all on-list or all off-list, or it makes
no sense to the rest of us.



"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110320/5d24cdee/attachment-0001.pgp>

More information about the Gnupg-users mailing list