On Mon, Apr 01, 2002 at 12:42:19PM -0500, Shawn McMahon wrote: > If you're using GnuPG, see the "lsign" option.
ok. just to see how things work, i lsigned the key that i got from the keyserver when i opened the email i am responding to. presumably your key and email ;-). now when mutt invokes gpg, i get the same message of "good signature but no validity." that being the case, what is the purpose of lsigning a key? > If you're signing the key because you trust it, but aren't willing to > put your name on the line to vouch for it, local-sign (lsign) it. as i asked above, why? what purpose does lsigning serve? > If you are willing to put your reputation on the line as proclaiming > the validity of the key, sign it, and send the owner a signed copy. Don't > do that unless you're sure it's legit; and email ain't "sure". so you are saying it is a totally subjective judgement call? that means i could sign all the keys i have from this list and send everyone a copy back and that would be ok? somehow i think some people would become angry. especially due to the fact that my one pgp friend wouldn't sign my key unless i brought it to him on a floppy. he didn't check my id presumably because he felt confident he could still recognize me. -- Peter Abplanalp Email: [EMAIL PROTECTED] PGP: pgp.mit.edu
msg26469/pgp00000.pgp
Description: PGP signature
