all digitally signed emails showing as bad

Gary L. Greene, Jr. greeneg at phoenuxos.com
Sat Nov 11 14:24:30 GMT 2006


On Saturday 11 November 2006 04:36, Boyan Tabakov wrote:
> On 11.11.2006 11:26, Pavel Troller wrote:
> > > Just one more comment... I have seen quite many public keys that are
> > > actually not signed by anybody else (only their owner). Now these mean
> > > and prove absolutely nothing (see above), so I don't know why these
> > > people are even using them.
> >
> > Hi!
> >   It's simple: When you know somebody personally, he/she can give you
> > his/her key on a disk/flash/paper/whatever, and you are SURE that it's
> > his/her key. So you can then verify that the mail you've just received
> > really comes from him/her, and not from anybody else.
> >   When you don't know a person writing signed mails, it's irrelevant to
> > you whether the mail from him/her is genuine or faked, either. So you can
> > trust the key obtained from the public keyserver or not; it's not so
> > important. Just think of it this way: the person is signing the mail not
> > for you, but for those who know him/her personally and who are
> > interested in receiving just the real mails from him/her.
> >             With regards, Pavel Troller
>
> Yes, but the idea is that those who trust you show this by signing your
> key, so that all people can know those guys trust you. This way it becomes
> a "web of trust"... There were thousands of keys reachable from my key and
> clearly I don't know all these guys. There are even quite some guys writing
> in this mailing list! If there are not many hops in between, I can be
> pretty sure of their identity and so choose to trust their signatures.
> Without people signing each other's keys, this could never happen!

I do need to clear something up here... While Boyan is right that GPG/PGP is 
meant as a web of trust, the comment from the other gent saying that the key 
may have been munged by a mail server IS a possibility. For a long time, 
Yahoo's mail servers would munge the signature MIME encoding, causing all 
verifications to fail. There are others that do as well. From what I can tell 
it's something to do with the anti-virus solution installed on the mail 
server being used in conjunction with the release of the mail server 
software.

-- 
Gary L. Greene, Jr.
Sent from: uriel.tolharadys.net
 09:17:48 up 13:04,  4 users,  load average: 0.02, 0.06, 0.01
=========================================================================
Volunteer Developer for the PhoeNUX OS open source project
    See http://www.phoenuxos.com/ for more information
=========================================================================

Please avoid sending me Word or PowerPoint attachments.
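
Added example, not part of the original post: a PGP/MIME signature covers the exact bytes of the signed part (its MIME headers included, with CRLF line endings per RFC 3156), so any relay that rewrites those bytes makes verification fail even though the text reads the same. The sketch below compares a part as sent with the part as received and names what changed; the sample parts, the function names, and the use of SHA-256 as a stand-in for the signed hash are all assumptions made for illustration.

```python
import hashlib
import quopri
import re

def canonical(part: bytes) -> bytes:
    """Convert line endings to CRLF, the canonical form RFC 3156 signs."""
    return re.sub(rb"\r?\n", b"\r\n", part)

def digest(part: bytes) -> str:
    """SHA-256 over the canonical part: a stand-in for the hash a signature covers."""
    return hashlib.sha256(canonical(part)).hexdigest()

def strip_trailing_ws(part: bytes) -> bytes:
    """Drop spaces and tabs at line ends so only other differences remain."""
    return re.sub(rb"[ \t]+(?=\r\n)", b"", canonical(part))

def decoded_body(part: bytes) -> bytes:
    """Undo the transfer encoding (header folding is not handled in this sketch)."""
    head, _, body = canonical(part).partition(b"\r\n\r\n")
    if b"content-transfer-encoding: quoted-printable" in head.lower():
        body = quopri.decodestring(body)
    return body.rstrip(b"\r\n")

def diagnose(sent: bytes, received: bytes) -> str:
    """Name the kind of change that makes verification of `received` fail."""
    if digest(sent) == digest(received):
        return "intact"
    if strip_trailing_ws(sent) == strip_trailing_ws(received):
        return "trailing whitespace changed"
    if decoded_body(sent) == decoded_body(received):
        return "re-encoded in transit"
    return "content modified"

# Constructed sample parts (not taken from any real message).
HEAD = b"Content-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: "
SENT = HEAD + b"8bit\r\n\r\nGr\xc3\xbc\xc3\x9fe from the list\r\n"
SAMPLES = {
    "lf_only": SENT.replace(b"\r\n", b"\n"),           # only line endings differ
    "padded": SENT.replace(b"list\r\n", b"list  \r\n"),  # spaces added at line end
    "requoted": HEAD + b"quoted-printable\r\n\r\nGr=C3=BC=C3=9Fe from the list\r\n",
    "footer": SENT + b"-- checked by gateway\r\n",     # relay appended a line
}

if __name__ == "__main__":
    for name, received in SAMPLES.items():
        print(f"{name:9} {diagnose(SENT, received)}")
```

The "requoted" case is the one that matches the report above: the decoded text is identical, but the transfer encoding and its header were rewritten, so the signed bytes no longer match.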
This message is from the kde mailing list.