On Saturday 11 November 2006 04:36, Boyan Tabakov wrote: > On 11.11.2006 11:26, Pavel Troller wrote: > > > Just one more comment... I have seen quite many public keys that are > > > actually not signed by anybody else (only their owner). Now these mean > > > and prove absolutely nothing (see above), so I don't know why these > > > people are even using them. > > > > Hi! > > It's simple: When you know somebody personally, he/she can give you > > his/her key on a disk/flash/paper/whatever, and you are SURE that it's > > his/her key. So you can then verify that the mail you've just received > > really comes from him/her, and not from anybody else. > > When you don't know a person writing signed mails, it's irrelevant for > > you whether the mail from him/her is genuine or faked, either. So you can > > trust the key obtained from the public keyserver or not, it's not so much > > important. Just think about it as that the person is signing the mail not > > for you, but for those, which know him/her personally and which are > > interested in receiving just the real mails from him/her. > > With regards, Pavel Troller > > Yes, but the idea is that those, who trust you show this by signing your > key, so that all people can know those guys trust you. This way it becomes > a "web of trust"... There were thousands of keys reachable from my key and > clearly I don't know all these guys. There are even quite some guys writing > in this mailing list! If there are not many hops in between, I can be > pretty sure of their identity and so choose to trust their signatures. > Without people signing each other's keys, this could never happen! I do need to clear something up here.... While Boyan is right that GPG/PGP is meant as a web of trust, the comment from the other gent saying that the key may have been munged by a mail server IS a possibility. For a long time Yahoo's mail servers would munge the signature MIME-Encoding causing all verifications to fail. There are others that do as well. From what I can tell it's something to do with the anti-virus solution installed on the mail server being used in conjunction with the release of the mail server software. -- Gary L. Greene, Jr. Sent from: uriel.tolharadys.net 09:17:48 up 13:04, 4 users, load average: 0.02, 0.06, 0.01 ========================================================================= Volunteer Developer for the PhoeNUX OS open source project See http://www.phoenuxos.com/ for more information ========================================================================= Please avoid sending me Word or PowerPoint attachments.
Attachment:
pgp80fnCp1b3W.pgp
Description: PGP signature
___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.