MIME or inline signature ?
2014-667rhzu3dc-lists-groups at riseup.net
Sun Feb 15 13:14:16 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On Saturday 14 February 2015 at 10:05:24 PM, in
<mid:54DFC6A4.8070302 at mailbox.org>, Stephan Beck wrote:
> Well, it's rather a precautionary measure than an
> actual security measure, , reminding me of not trusting
> the key owner's ability to handle and verify signatures
> correctly, if he/she uses a signature no one has the
> chance to check because the information about the
> public key's location isn't indicated by its owner in
> his/her very message.
When I check the signature of the first message in this thread
(Message-ID: <m0vbj6n3xy.fsf at kcals.intra.maillard.im>), GnuPG fetches
Xavier's key from a keyserver. I don't see why information about a
public key's location would need to be indicated for a key that is on
the keyservers. That said, Xavier's message kludges contain the key-id
and fingerprint, as well as a link to the lookup of that key on a
keyserver (wwwkeys.pgp.net, which seems to be down at the moment).
> I assigned the "I do not trust
> him" attribute to the first key he used in a previous
> Or was your comment directed to the owner of the key?
> Now, I am not quite sure about that...
No, I was asking what you meant by "I have assigned your key a
non-trust attribute". From your reply, I see you mean Trust setting
number 2 "I do NOT trust". On my keyring, my own keys have a 5 "I
trust ultimately" and all other keys have the default. (I presume not
setting trust on a key is the same as setting 1 "I don't know or won't
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Oven mitt: A partially charred grease stain that fits over the hand.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users