[Beds] Thank You

David Pashley bedslug at davidpashley.com
Sat Jan 25 10:37:01 2003


=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 24 January 2003 23:13, Tom Chance wrote:
> > I use wwwkeys.eu.pgp.net. Seems to be good here.
>
> OK, still with Mozilla&enigmail here, I can get your key, and Kgpg shows
> your key in my list. Enigmail says that I have your key, it's a good
> signature, but it's untrusted. How do I tell it to trust you?
>
> Tom

You don't just yet. This will be explained at the key signing party/talk. I=
n=20
the mean time, read the gpg manual at http://www.gnupg.org/gph/en/manual.ht=
ml
There is more docs at http://www.gnupg.org/(en)/documentation/index.html

There are 2 different concepts of trust in PGP web-of-trusts. How much you=
=20
trust a key belongs to the person that says it does. You can check this by=
=20
swapping fingerprints and id. IMPORTANT: This is done at a face to face=20
meeting. Once you have checked the ID and the fingerprint you can sign the=
=20
other persons key.

The other trust concept is how much you trust someone else to understand th=
e=20
first issue and sign keys correctly. This is done using the trust command i=
n=20
gpg --edit-key.=20


IMPORTANT: Never sign a key without checking the key belongs to the owner. =
Did=20
I say that was important? =20

=2D --=20
David Pashley
david@davidpashley.com
Nihil curo de ista tua stulta superstitione.
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+MmioYsCKa6wDNXYRAsPpAJ4tr//OQKrtBL8/VAYYAyx8wZGLnwCcDhxY
oYoBf9RJW/YfO/1KIxt+tnI=3D
=3D8w9I
=2D----END PGP SIGNATURE-----