MIME or inline signature ?

Stephan Beck stebe at mailbox.org
Sun Feb 15 16:30:33 CET 2015


Am 15.02.2015 um 12:26 schrieb Ludwig Hügelschäfer:
> On 14.02.15 23:05, Stephan Beck wrote:
>
>> Well, it's rather a precautionary measure than an actual security
>> measure, , reminding me of not trusting the key owner's ability to
>> handle and verify signatures correctly, if he/she uses a signature
>> no one has the chance to check because the information about the
>> public key's location isn't indicated by its owner in his/her very
>> message. I assigned the "I do not trust him" attribute to the first
>> key he used in a previous message.
>
> You seem to have misunderstood what ownertrust is good for. Trusting
> an owner about placing his signatures is not about how she/he signs
> messages.
>
> It is about how carefully she/he checks identity and mail address
> before signing other keys. You can only judge that if you have seen
> her/him in real life doing that.


OK, I give you that, strictly speaking, it might not be the same, but at the
moment I had no other measure at hand to remind me of being careful with that
kind of event. And a bad signature event is not the ideal event for putting
trust in a key owner's identity at all.

Stephan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150215/7108e3bf/attachment.sig>


More information about the Gnupg-users mailing list