-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 In reply to David Srbecky's message sent 2005-08-05 17:36:
> I just installed GnuPG to Thunderbird, created a key pair and > uploaded it to a keyserver. I have expected to receive some mail > designed to verify that I really own the email address (similar to > the one that just received to subscribe to this list), but I did not > receive any. > > How can people know that I own the address if GnuPG did not check it? GnuPG is a cryptographic application. It verifies digital signatures, not email addresses. > My next idea was that GnuPG is multipurpose cryptographic software > and I need to get some special signature verifying that I own > specific mail. I was looking for a way to accomplish that, but I have > not found any. There is no magic bullet :-( A signature is only "special" to the one who recognizes it. Some people trust my sig, while others have no cause to. The same goes for bots and CA's. That's why the web of trust is important. The more signatures you get on your key, the greater the odds someone who receives your key sees a signature of someone they trust. > Are there any servers/bots that can verify that I own mail and then > sign my key to certify that? The PGP Global Directory will only publish UID's bearing email addresses that you confirm. https://keyserver-beta.pgp.com/vkd/GetWelcomeScreen.event The Robot CA at toehold.com will also similarly validate your email address. http://www.toehold.com/robotca/ There are other organized webs of trust around like Thawte Consulting (www.thawte.com), CAcert (www.cacert.org) and the Gossamer Spider Web of Trust (www.gswot.org). Thawte is a commercial CA (only good for X.509 unless you use a compatable RSA OpenPGP key). CAcert is a not-for-profit CA (X.509 and OpenPGP; trying for browser inclusion). GSWoT is a grassroots organization that endorses CAcert Assurers, Thawte Notaries, and other internally produced assurers to enhance the OpenPGP web of trust. These entities perform identity assurance. You won't get a signature for proving access to an email address. - -- Mike Daigle http://www.mikedaigle.ca My PGP Key mailto:[EMAIL PROTECTED] Gossamer Spider Web of Trust http://www.gswot.org Get Your Own Subdomain! http://www.gswot.org/yourname -----BEGIN PGP SIGNATURE----- Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org iD8DBQFC9AZaNuccKlqTLlMRA2/NAKDZNFcuuoAhUAbKGZBMrp2z2wcCaACgq9UA X8336TQYfwdNfIpm0mxshtI= =0s6L -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
