On Friday 03 November 2006 12:18 am, Fajar Priyanto wrote:
> Hi all,
> I'm trying to sign a document. From the help file it says that I need a
> certificate from some vendors.
>
> Is this different with gpg? Can I use my own gpg signature instead?
> Thank you very much,

Reference pg 433.. of doc.

NO, a pgp key is not a cert; it is a pair of keys you own. You provide others your public key so they can communicate with them. When you sign a document with a pgp key you are saying: here, you can check this against my public key to verify who I am.

Anyone knowing how to properly use pgp knows that you don't trust a key unless 1) you know the person and have verified the key via their key fingerprint, or 2) their key is signed by others you trust saying they have verified the fingerprint. In pgp it is very normal to see 10+ signatures on keys.

With certificates you are saying ONE company signed this so it's valid, and from a company who makes money and has an interest to sell millions of certificates. (I trust them NOT.) The cert people say, you can trust this key because I have signed it. The problem is it is simple to get a key from cert people that is fake. They have a financial interest in making enough money to pay Microslop and in making a profit.

The problem is 98% of the world of users doesn't know how to verify pgp and the circle of trust and key signing. As they foolishly haven't learned its security. As in asking the person who owns the key for their fingerprint.

What you need is a certificate, that in my opinion is NOT trusted. I suggest that you not use verisign as the pricing is ridiculous. Check out CA-cert. The windows world doesn't recognize this worldwide organization as they refuse to pay Microslop to say they are a valid company.

The part that is broken in my opinion is the part that says, "I know who this person is and they are who they say they are." This is the statement verisign and the others are making to the world. And the world foolishly goes and accepts it. Banks are losing millions every year because they just can't figure out if someone is who they say they are.

In windows, in order for a vendor (like verisign) to be recognized as a valid cert provider they must pay Microslop 75K to be listed and then 10k per year to keep their listing. The only way to stop this is for everyone to stop using them and use other cert vendors.

I highly suggest CA-cert. It costs nothing. Get a cert and start signing. CA works on a circle of trust. In order to be fully trusted you have to show proof of who you are to three people, or obtain 3 notarized documents. After you get one, start at pg 433 in the current doc.

Windows email readers even strip off my pgp signatures.. and this is signed.

FRed
