It is untrusted because no one you trust has signed the signature to
validate its authenticity.

There's a circle of trust thing going on. A key, in isolation, can not
be trusted.

Any public key passed over the Internet in an unsigned manner should not
be trusted. Keys should only arrive either (1) in person, as in a key
signing party, or (2) signed by someone you have personally exchanged
keys with at a key signing party.

Cheers,
Steven Black

On Thu, 2007-05-31 at 12:13 -0400, Simón Ruiz wrote:
> On 5/31/07, Michael Schultheiss <schultmc@cinlug.org> wrote:
> > I wonder if the inline signature has anything to do with it.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> >
> > iD8DBQFGXuuxyJBzD6P54w4RAj0yAJ9EkcrtZ46XzM/5ogCsGCNHV48zLgCfX7jP
> > U+fMjvr5mmLZExRkOh8H950=
> > =WBUf
> > -----END PGP SIGNATURE-----
>
> Fire GPG doesn't even see your signature, but Enigmail in TB says:
>
> OpenPGP Security Info
>
> UNTRUSTED Good signature from Michael C. Schultheiss <schultmc@debian.org>
> Key ID: 0xA3F9E30E / Signed on: 05/31/2007 11:37 AM
> Key fingerprint: 2732 356E A676 373D 7216 B964 C890 730F A3F9 E30E
>
> Same with Jeremy's response (Though, of course, with his name and e-mail)
>
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
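
Added example, not part of the original thread or of any project's code: a small Python classifier for GnuPG's machine-readable `--status-fd` output that keeps "the signature verifies" separate from "the signing key is validated", which is the distinction behind the "UNTRUSTED Good signature" report quoted above. The sample status lines are constructed, and the assumption is that this report corresponds to a `GOODSIG` line followed by `TRUST_UNDEFINED`.

```python
# Status keywords as documented in GnuPG's doc/DETAILS for --status-fd output.
SIG_RESULTS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"}
TRUST = {
    "TRUST_UNDEFINED": "undefined",
    "TRUST_NEVER": "never",
    "TRUST_MARGINAL": "marginal",
    "TRUST_FULLY": "full",
    "TRUST_ULTIMATE": "ultimate",
}

def classify(status_text):
    """Report signature result and key validity as two separate facts."""
    sig = key_id = signer = trust = None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # not a status line
        keyword, args = fields[1], fields[2:]
        if keyword in SIG_RESULTS:
            sig = keyword
            key_id = args[0] if args else None
            # ERRSIG carries algorithm fields, not a user ID, after the key ID.
            if keyword != "ERRSIG":
                signer = " ".join(args[1:]) or None
        elif keyword in TRUST:
            trust = TRUST[keyword]
    if sig is None:
        verdict = "no signature found"
    elif sig != "GOODSIG" or trust == "never":
        verdict = "reject"
    elif trust in ("full", "ultimate"):
        verdict = "accept"
    else:
        # Math checks out, but nobody you trust has vouched for the key.
        verdict = "good signature, key not validated"
    return {"sig": sig, "key_id": key_id, "signer": signer,
            "trust": trust, "verdict": verdict}

# Constructed status output (not captured from a real run); the key ID and
# name come from the Enigmail report quoted in the thread.
UNTRUSTED_SAMPLE = """\
[GNUPG:] GOODSIG C890730FA3F9E30E Michael C. Schultheiss <schultmc@debian.org>
[GNUPG:] TRUST_UNDEFINED
"""

if __name__ == "__main__":
    print(classify(UNTRUSTED_SAMPLE))
```
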