On 03/20/2011 17:19, Jonathan Ely wrote: > It can be complicated; it is for me since I am still new to this. I only > ‘trust fully’ those keys who come from people who I think would not fake > identity, or have no reason not to be trusted fully. Is it unwise to > trust anybody's key fully even if you are confident they would never > ‘spoof’ another's key? I never even thought of doing what you did; I > just leave everything as ‘untrusted good signature’ unless if it is > somebody with whom I am familiar. thanks for the note!! have you tried to download my signature from the server? it should work.... it ought to work...
i agree with you on the trust matter. it's fun to experiment though-- and-- it's how we learn!! all i did was to simply delete your key from my keyring -- using the excellent pgp/key manager that is built into THUNDERBIRD. following that you go back to your original no key found condition and i can try another test but you are completely right: you have NO REASON to trust MY key -- unless somone YOU trust to VERIFY keys signs my key for you. this is what a Certificate Authority is supposed to do but to this date I remain concerned that most of the CA certificates in our browsers are just loaded there by someone-- i have no clue why i would think they are valid. thoughts? -- /MIKE
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
