On Friday 04 November 2005 2:05 am, Aaron J. Seigo wrote:
> On Thursday 03 November 2005 15:17, Jarrod Major wrote:
> > This is just a reminder, for those using GPG, make sure you sign the
> > public keys of those people in your keyring.
>
> only if you are certain that the key is valid. this usually means having
> the person show you photo ID and giving you a hardcopy version of their key
> fingerprint for confirmation.

Sorry, I should have been more clear about that. I meant that people should sign the keys that they have checked. I talked at length about it in the keysigning thread but not in this one. I hope I didn't influence people to do this without checking. You can actually configure GPG to automatically add people's keys to your keyring when you receive messages from them, so in a case like this, you would not have checked them thoroughly.

> randomly signing keys actually degrades the value of the web of trust.

Absolutely! Only sign keys that you have checked. Assign the appropriate level of trust considering how much contact you have had with the person.

Thanks for calling me on this oversight, Aaron. BTW, have you signed my key? :)

--
Jarrod Major
Registered Linux User: #224211
GPG Fingerprint: 4556 EFA8 EC69 7C54 EE33 C881 2C7C 0E10 2439 231E
_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying

