[kdepim-users] Signing/encryption again again...
Thomas Olsen
tanghus at gmail.com
Thu Jun 17 11:20:43 BST 2010
On Thursday 17 June 2010 09:21:20 Brad Rogers wrote:
> On Thu, 17 Jun 2010 08:48:28 +0200
> Thomas Olsen <tanghus at gmail.com> wrote:
>
> Hello Thomas,
>
> > but I still wonder why other signed messages shows up as "The
> > signature is valid, but the key's validity is unknown".
>
> Because you haven't signed the key. However, it's bad practice to sign
> keys you don't know the value of. The key signing methodology involves
> verifying the key you wish to sign actually belongs to the person it
> purports to come from. The only sure fire way to do that is to meet
> them. Signing and attributing trust values to keys of ppl you don't know
> is hazardous to all concerned.
>
> So, if you're planning on signing keys of people you don't know, *don't*.
Aha. Thanks for a very understandable explanation on a IMHO complex subject.
--
Best Regards / Med venlig hilsen
Thomas Olsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20100617/73c89b88/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
More information about the kdepim-users
mailing list