On Tue, Dec 10, 2002 at 08:00:03PM -0800, alan brown wrote: > gpg: Warning: This key is not certified with a trusted signature. > > gpg: There is no indication that the signature belongs to the owner.
You should probably read up on some of the concepts behind the "web of trust". The GNU Privacy Handbook (http://www.gnupg.org/gph/en/manual.html) is a fairly good place to start. Basically what gpg is telling you is that the signature is valid, but it has no way of knowing that the signature belonged to the person to whom you expected it to belong. Anybody can generate a gpg key with somebody else's name and address on it. It's up to you to determine whether or not it's the right key. gpg allows you to assign trust values to keys based on a model that is similar to the "6 degrees of separation" that sociologists use. Lots of documentation is available and it will probably do a better job of descibing the concept than I. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
msg18295/pgp00000.pgp
Description: PGP signature
