On Sun, 28 Aug 2011 15:29, [email protected] said: > from using GPG4WIN I note: a signature may be marked: > > valid|not valid > Trusted|not Trusted
It should be "valid". However gpg4win is collection of different tools all with a different history. > "Trust" or "owner trust" refers to whether I trust the owner of a key > sent to me. this trust can be This is a misconception. You assign an "owner trust" to indicate your estimation on how faithful someone signs other keys. > IN ADDITION: you will note that on an x.509 certificate there is a > second trust flag: for software. This is CRITICAL to the security of > Authenticode which is used for software updates It basically says, the malware authors spend a few bugs on buying a compromised key for the certificate. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
