-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Srbecky wrote: > Hello, > > I just installed GnuPG to Thunderbird, created a key pair and > uploaded it to a keyserver. I have expected to receive some mail > designed to verify that I really own the email address (similar to > the one that just received to subscribe to this list), but I did > not receive any. > > How can people know that I own the address if GnuPG did not check > it? > > > My next idea was that GnuPG is multipurpose cryptographic software > and I need to get some special signature verifying that I own > specific mail. I was looking for a way to accomplish that, but I > have not found any. > > Are there any servers/bots that can verify that I own mail and then > sign my key to certify that? > > > Regards, David Srbecky > > _______________________________________________ Gnupg-users mailing > list [email protected] > http://lists.gnupg.org/mailman/listinfo/gnupg-users > The understanding I have is that you have to establish trusts with people. All the keyserver does is shows that someone using your e-mail address signed the message. The individual who receives the e-mail has to establish trust for the key. They do that either by contacting you via another method for confirmation, or meeting you at a 'keysigning' where you establish a face to face with other people.
I'm relatively new to all of this myself, but I'm pretty sure I read that in the gnupg.org website. That would be your best source of information, short of other more experienced people replying here. Patrick Dickey. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC8/lulYHHywHZe7ARAr+dAJ41Oc2YTmTH2+QTPI1hGyrguD1mWwCfZ/XW cM4sWyXs9A7/2MmWUNICgWE= =ZxWi -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
