On Mon, Apr 01, 2002 at 01:00:39PM -0500, Peter T. Abplanalp wrote:
> ok.  just to see how things work, i lsigned the key that i got from the
> keyserver when i opened the email i am responding to.  presumably your
> key and email ;-).  now when mutt invokes gpg, i get the same message of
> "good signature but no validity."  that being the case, what is the purpose
> of lsigning a key?
You might not care about the actual real-world identity of someone; you may
only care to know that two messages from them did, in fact, come from
the same person.  In that case, you don't want to sign the key in a
sharable way, because that certifies the identity associated with the
key; but you can lsign it as an indication to yourself of your
decision to treat the key that way, or just to shut the program up about
the unsigned key.

> so you are saying it is a totally subjective judgement call?  
Yes.

> that means i could sign all the keys i have from this list and
> send everyone a copy back and that would be ok?
Okay from a web-of-trust sense.  Not so okay from a spam-avoidance sense. :)

> somehow i think some people would become angry.  
Most folks wouldn't get angry; they just wouldn't trust your
signature.  Your signature on a key doesn't do the owner of that
key any good unless folks trust YOU to make the right decision
when signing keys.  If you make a habit of signing keys without
verifying the ID, then your signature just becomes worthless.

-- 
Mark REED                    | CNN Internet Technology
1 CNN Center Rm SW0831G      | [EMAIL PROTECTED]
Atlanta, GA 30348      USA   | +1 404 827 4754 
--
Remember the... the... uhh.....
