Houston, we have a problem

Stefan Claas stefan.claas at posteo.de
Thu Sep 21 23:24:48 CEST 2017


On Thu, 21 Sep 2017 17:06:18 -0400, Robert J. Hansen wrote:
> > Do i understand you right, i validate Werner's pub key and when
> > i get a signed email from Erika Mustermann the sig should be then
> > o.k. from her, because i signed Werner's key?  
> 
> No.  When you see something claiming to be Werner's sig on Erika's
> certificate, ask yourself:
> 
> 	* Is it correct?
> 	* Does the signing cert really belong to Werner?
> 	* Do you trust Werner?
> 
> If you can positively answer all three questions 'yes', then you
> should trust it.  Otherwise, you shouldn't.

I can only say now i don't know if i should ever "trust" signatures
again on someone else's pub key, because in the past i have had only
communicated with people i did not know personally. And with
Erika's key example while trusting Werner's key i don't like the
idea when clicking in the Web interface on Werner's key-id that
it leads to Werner's key. That's all what i can say now. I better
should start now using my class3 S/MIME certificate...

Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



More information about the Gnupg-users mailing list