-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't recall whether the signature at issue was signed with PGP,
GnuPG or another program. With PGP, and probably with other
approaches that utilize a public key infrastructure, validity refers
to a level of "trust." An "invalid" signature is one for which the
applicable public key has not been given an attribute of
trustworthiness. Unless one *knows* with a very high degree of
certainty that the public key has not been tampered with, that it was
generated by the key owner, and that the key owner is who he/she/it
purports to be, then there is no reason to endow a key with "trust;"
consequently, invalid signatures are not uncommon. There are a
number
of practical ways of dealing with the trust issue, including
inheriting trust from other key signers, verifying accuracy through
personal or telephonic confirmation, and key fingerprints. Probably
more, but I've just hit the ceiling on my understanding of PKI.
Thursday, September 13, 2001, 1:11:26 PM, you wrote:
RO> Your message (as it appeared on my screen) went accompanied by an
RO> attachment called "Invalid Signature". What's the meaning of such
RO> an attachment stating that the message was altered?
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBO6EasOH2IGJNcAawEQLv6gCeNTMXyOW2YT94du+xlN8rQHJrQ28AoOwI
cOeSUwaIwIN8PKtMMaYYCY9o
=fd6g
-----END PGP SIGNATURE-----
--
________________________________________________________
Archives : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Latest Vers: 1.53d
