[kdepim-users] Signing/encryption again again...

Thu Jun 17 19:27:28 BST 2010

On Thursday 17 June 2010, Thomas Olsen wrote:
> On Thursday 17 June 2010 09:21:20 Brad Rogers wrote:
> > On Thu, 17 Jun 2010 08:48:28 +0200
> > Thomas Olsen <tanghus at gmail.com> wrote:
> > 
> > Hello Thomas,
> > 
> > > but I still wonder why other signed messages shows up as "The
> > > signature is valid, but the key's validity is unknown".
> > 
> > Because you haven't signed the key.  However, it's bad practice to
> > sign keys you don't know the value of.  The key signing
> > methodology involves verifying the key you wish to sign actually
> > belongs to the person it purports to come from.  The only sure
> > fire way to do that is to meet them.  Signing and attributing
> > trust values to keys of ppl you don't know is hazardous to all
> > concerned.
> > 
> > So, if you're planning on signing keys of people you don't know,
> > *don't*.
> 
> Aha. Thanks for a very understandable explanation on a IMHO complex
> subject.

The GNU Privacy Handbook is probably a good starting point to learn more 
about this subject:
http://www.gnupg.org/documentation/guides.en.html

And if you are interested in getting people to sign your key:
- If you are attending an Open Software fair like LinuxTag or Fosdem, 
etc., then you could participate in a key-signing party which are often 
organized during such fairs.
- You can use Biglumber (http://www.biglumber.com/) to check whether 
there are other people living near you that are also using OpenPGP.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20100617/68d041f1/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users