begin quoting what Thorsten Haude said on Sun, Mar 24, 2002 at 01:23:57AM +0100:
> Let's not forget that your key is worthless unless signed by somebody
> we know already.

Not entirely worthless. For instance, if you receive lots of emails from me in lots of fora, all signed, then you may consider my identity established enough for your purposes, and choose to local-sign my key, and thus detect any later forgery. It wouldn't do to rely upon that for too many things, but it certainly serves for establishing that, say, the [EMAIL PROTECTED] who responds to you in debian-user is the same one who responds in this list. That's one reason I sign everything.

If you do that, make sure you local-sign, not sign for export. The latter would be a big no-no. The gpg and pgp documentation goes into these subjects in depth, IIRC.
