Houston, we have a problem
Robert J. Hansen
rjh at sixdemonbag.org
Thu Sep 21 23:06:18 CEST 2017
> Do i understand you right, i validate Werner's pub key and when
> i get a signed email from Erika Mustermann the sig should be then
> o.k. from her, because i signed Werner's key?
No. When you see something claiming to be Werner's sig on Erika's
certificate, ask yourself:
* Is it correct?
* Does the signing cert really belong to Werner?
* Do you trust Werner?
If you can positively answer all three questions 'yes', then you should
trust it. Otherwise, you shouldn't.
More information about the Gnupg-users
mailing list