On 08/29/2011 08:17, Werner Koch wrote: > On Sun, 28 Aug 2011 15:29, mike_ac...@charter.net said: > >> > from using GPG4WIN I note: a signature may be marked: >> > >> > valid|not valid >> > Trusted|not Trusted > It should be "valid". However gpg4win is collection of different tools > all with a different history. > >> > "Trust" or "owner trust" refers to whether I trust *the owner of* a key >> > sent to me. this trust can be > This is a misconception. You assign an "owner trust" to indicate your > estimation on how faithful someone signs other keys. > >> > IN ADDITION: you will note that on an x.509 certificate there is a >> > second trust flag: for software. This is CRITICAL to the security of >> > Authenticode which is used for software updates > It basically says, the malware authors spend a few bucks on buying a > compromised key for the certificate. > > > Shalom-Salam, > > Werner > > -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. thanks for the note.
I have a post on the problem with SSL posted on IEv this week,-- see http://www.internetevolution.com/messages.asp?piddl_msgthreadid=241163&piddl_msgid=442824#msg_442824 -- /MIKE
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
