all digitally signed emails showing as bad

Boyan Tabakov blade.alslayer at gmail.com
Sat Nov 11 08:55:20 GMT 2006


On 10.11.2006 23:47, Michel D'HOOGE wrote:
> > This is because to verify the signature you gnupg software needs to have
> > the corresponding public key. The default KMail settings are to not
> > download automatically missing public keys. See Security Settings in
> > KMail configuration window.
>
> Here, I saved the message with its signature and then modified it directly
> with Kate. The mail is also red, but the given explanation is a bit
> different. However in both cases, it means that you can't trust what you
> read. In the first case, this is because you cannot trust the key used to
> sign the mail (and then someone could have made a fake one with the same
> email address). In the second case, the signature doesn't match the
> received message. So maybe it is just the mailer that messed the content,
> but you have no clue.
>

You are missing the point here. PGP (GnuPG) is a web of trust. Anyone that has 
decided to trust my key will have it in their keyrings and the verification 
process would have completed successfully. You can choose to trust a key that 
was signed by a person you trust and so the web grows bigger. If you don't 
trust a specific public key, you should entirely ignore the signature, 
because it would only mean that the owner of the key sent something, but you 
don't know who that owner is actually. (I could easily create a keypair that 
states my name is Bill Gates... now you wouldn't believe that, would you?)

-- 
Blade hails you...

Puppet girl, your strings are mine
                       --Nightwish
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde/attachments/20061111/c2be1776/attachment.sig>
-------------- next part --------------
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.


More information about the kde mailing list