On 11.11.2006 11:26, Pavel Troller wrote: > > Just one more comment... I have seen quite many public keys that are > > actually not signed by anybody else (only their owner). Now these mean > > and prove absolutely nothing (see above), so I don't know why these > > people are even using them. > > Hi! > It's simple: When you know somebody personally, he/she can give you > his/her key on a disk/flash/paper/whatever, and you are SURE that it's > his/her key. So you can then verify that the mail you've just received > really comes from him/her, and not from anybody else. > When you don't know a person writing signed mails, it's irrelevant for > you whether the mail from him/her is genuine or faked, either. So you can > trust the key obtained from the public keyserver or not, it's not so much > important. Just think about it as that the person is signing the mail not > for you, but for those, which know him/her personally and which are > interested in receiving just the real mails from him/her. > With regards, Pavel Troller Yes, but the idea is that those, who trust you show this by signing your key, so that all people can know those guys trust you. This way it becomes a "web of trust"... There were thousands of keys reachable from my key and clearly I don't know all these guys. There are even quite some guys writing in this mailing list! If there are not many hops in between, I can be pretty sure of their identity and so choose to trust their signatures. Without people signing each other's keys, this could never happen! -- Blade hails you... The 1st rock thrown again Welcome to hell, little Saint --Nightwish
Attachment:
pgpsQccNyL1i6.pgp
Description: PGP signature
___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.