On 03/20/2011 05:29 PM, Mike Acker wrote: > On 03/20/2011 17:19, Jonathan Ely wrote: >> It can be complicated; it is for me since I am still new to this. I only >> ‘trust fully’ those keys who come from people who I think would not fake >> identity, or have no reason not to be trusted fully. Is it unwise to >> trust anybody's key fully even if you are confident they would never >> ‘spoof’ another's key? I never even thought of doing what you did; I >> just leave everything as ‘untrusted good signature’ unless if it is >> somebody with whom I am familiar. > thanks for the note!! have you tried to download my signature from the > server? it should work.... it ought to work... > > i agree with you on the trust matter. it's fun to experiment though-- > and-- it's how we learn!! > > all i did was to simply delete your key from my keyring -- using the > excellent pgp/key manager that is built into THUNDERBIRD. following that > you go back to your original no key found condition and i can try > another test > > but you are completely right: you have NO REASON to trust MY key -- > unless somone YOU trust to VERIFY keys signs my key for you. this is > what a Certificate Authority is supposed to do but to this date I remain > concerned that most of the CA certificates in our browsers are just > loaded there by someone-- i have no clue why i would think they are valid. > > thoughts? >
Hate to complain, but I'm only seeing one side of this conversation on the mailing list. I originally thought Mike posted the first message accidentally. Please keep it all on-list or all off-list, or it makes no sense to the rest of us. Thanks, -- -Grant "Look around! Can you construct some sort of rudimentary lathe?"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
