MIME or inline signature ?

[MFPA]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Saturday 14 February 2015 at 10:05:24 PM, in
<mid:54DFC6A4.8070302 at mailbox.org>, Stephan Beck wrote:


> Well, it's rather a precautionary measure than an
> actual security measure, , reminding me of not trusting
> the key owner's ability to handle and verify signatures
> correctly, if he/she uses a signature no one has the
> chance to check because the information about the
> public key's location isn't indicated by its owner in
> his/her very message.

When I check the signature of the first message in this thread
(Message-ID: <m0vbj6n3xy.fsf at kcals.intra.maillard.im>), GnuPG fetches
Xavier's key from a keyserver. I don't see why information about a
public key's location would need to be indicated for a key that is on
the keyservers. That said, Xavier's message kludges contain the key-id
and fingerprint, as well as a link to the lookup of that key on a
keyserver (wwwkeys.pgp.net, which seems to be down at the moment).



> I assigned the "I do not trust
> him" attribute to the first key he used in a previous
> message.

> Or was your comment directed to the owner of the key?
> Now, I am not quite sure about that...

No, I was asking what you meant by "I have assigned your key a
non-trust attribute". From your reply, I see you mean Trust setting
number 2 "I do NOT trust". On my keyring, my own keys have a 5 "I
trust ultimately" and all other keys have the default. (I presume not
setting trust on a key is the same as setting 1 "I don't know or won't
say".)


- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Oven mitt: A partially charred grease stain that fits over the hand.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJU4I2aXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwOZ4H/RqcwizzvB9sVLp0IpfU+Q9C
pt6HtthvYU2Zp0bjA2O3ApAkjbp3zaY7hycKce0gUGTuyE/kg9gym6wU9n0qhLy0
x52fGr67zHyit0NnPnWf1Un/gZFQN/AdtjbNANYu7AAY0KlR8nGBJ7q7ljxx7Ecg
IS0TzU5Umk89JDW4ch8ZJA240AjpQDHhyiMYrQu9vcKget0giXBKQuxAE9nX22oY
710G4PXSM8KysoyMABGS+zxXw/7lL5D7DSsYE1XuCJk/rXeXuGLJ+GcJimMpZLUk
QisvC384Ya4co+YcCrUYIGbDGqfKj59jz63raqcU6uOWDQu/+z6ae3PWraTLdqKI
vgQBFgoAZgUCVOCNp18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45FQrAQC3aO01dRIVTAkh+31Tc1MoN/SU
XdoVDu93UaoxN5uWFgEA9EbORCdCTyekswKRSUXbaamDiIO0sNLBAD+1/LEAYQg=
=Ybmh
-----END PGP SIGNATURE-----