begin quoting what Peter T. Abplanalp said on Mon, Apr 01, 2002 at 10:37:49AM -0700: > > just wondering why the non-standards-following option contains the word > traditional.
Because usage of PGP predates the establishment of standards. > helpfull and it sort of relates to mutt...what is the "accepted" > method for signing keys? i have heard everything from "don't sign a key > unless you got it on a floppy from the person and checked his/her id" to > "if the fingerprint in the signature matches, signing is ok." If you're using GnuPG, see the "lsign" option. If you're signing the key because you trust it, but aren't willing to put your name on the line to vouch for it, local-sign (lsign) it. If you are willing to put your reputation on the line as proclaiming the validity of the key, sign it, and send the owner a signed copy. Don't do that unless you're sure it's legit; and email ain't "sure".
msg26468/pgp00000.pgp
Description: PGP signature
