all digitally signed emails showing as bad

Boyan Tabakov blade.alslayer at gmail.com
Sat Nov 11 08:58:35 GMT 2006


On 11.11.2006 10:55, Boyan Tabakov wrote:
> On 10.11.2006 23:47, Michel D'HOOGE wrote:
> > > This is because to verify the signature you gnupg software needs to
> > > have the corresponding public key. The default KMail settings are to
> > > not download automatically missing public keys. See Security Settings
> > > in KMail configuration window.
> >
> > Here, I saved the message with its signature and then modified it
> > directly with Kate. The mail is also red, but the given explanation is a
> > bit different. However in both cases, it means that you can't trust what
> > you read. In the first case, this is because you cannot trust the key
> > used to sign the mail (and then someone could have made a fake one with
> > the same email address). In the second case, the signature doesn't match
> > the received message. So maybe it is just the mailer that messed the
> > content, but you have no clue.
>
> You are missing the point here. PGP (GnuPG) is a web of trust. Anyone that
> has decided to trust my key will have it in their keyrings and the
> verification process would have completed successfully. You can choose to
> trust a key that was signed by a person you trust and so the web grows
> bigger. If you don't trust a specific public key, you should entirely
> ignore the signature, because it would only mean that the owner of the key
> sent something, but you don't know who that owner is actually. (I could
> easily create a keypair that states my name is Bill Gates... now you
> wouldn't believe that, would you?)

Just one more comment... I have seen quite many public keys that are actually 
not signed by anybody else (only their owner). Now these mean and prove 
absolutely nothing (see above), so I don't know why these people are even 
using them.

-- 
Blade hails you...

For my dreams I hold my life
For wishes I behold my night
                 --Nightwish
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde/attachments/20061111/4ccbc0a5/attachment.sig>
-------------- next part --------------
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.


More information about the kde mailing list