[kdepim-users] Signing/encryption again again...
Brad Rogers
brad at fineby.me.uk
Thu Jun 17 08:21:20 BST 2010
On Thu, 17 Jun 2010 08:48:28 +0200
Thomas Olsen <tanghus at gmail.com> wrote:
Hello Thomas,
> but I still wonder why other signed messages shows up as "The
> signature is valid, but the key's validity is unknown".
Because you haven't signed the key. However, it's bad practice to sign
keys you don't know the value of. The key signing methodology involves
verifying the key you wish to sign actually belongs to the person it
purports to come from. The only sure fire way to do that is to meet
them. Signing and attributing trust values to keys of ppl you don't know
is hazardous to all concerned.
So, if you're planning on signing keys of people you don't know, *don't*.
--
Regards _
/ ) "The blindingly obvious is
/ _)rad never immediately apparent"
Tired of doing day jobs with no thanks for what I do
Do Anything You Wanna Do - Eddie & The Hotrods
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20100617/1eca3acc/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
More information about the kdepim-users
mailing list