On Tue, Feb 13, 2001 at 09:28:49PM +0000, Jim Breton wrote: > You don't need to assign any trust to these keys; it's enough to get the > "Good signature..." output. As long as the signature verifies > successfully (as it does in your example above), you know that the > person who created the key you've got on your keyring is the same person > who sent the message/signed the package/whatever. > > The issue of trusting the key is a separate one: it answers the > question, "was this key created by the person whose name appears in the > key?" If you can unconditionally answer Yes to this question then go > ahead and sign the key. Otherwise you do not REALLY know that that key > was created by that person.
Thanks for clearing this up. -- groetjes, carel
