On Tue, 6 Jun 2006, Kev Jackson <[EMAIL PROTECTED]> wrote:
> On 6 Jun 2006, at 01:50, Stefan Bodewig wrote:

>> Another thing is that it would be good to have signatures on your
>> key.
>
> Well I'm currently in Vietnam, so I guess that no I'm not near
> enough to anyone

True. No ASF members either (the closest ones probably are in Japan).

> I've never done this whole pgp thing before, and reading the gpg
> home page makes it seem partly simple (gen keys) and partly
> extremely complicated (signing).

Technically signing is not any more difficult than generating keys.
If you are certain a key belongs to a given person, you sign it. What
you do with the signed key is up to your personal taste - I upload it
to the keyservers, others will mail it to the originator.

If you import a key you get the choice to assign trust to it in GPG.
This version of "trust" means "how much do I trust the originator to
really only sign keys after checking they are proper keys". So it is
a measure of trust in signatures by that key on other keys. You don't
need to sign a key to assign trust to the user.

When you verify a signature on a document GPG will not only check
whether the signature is valid, but also whether you can assume that
the key which has been used to sign the document really belongs to the
person who claims it.

If you've signed the key yourself, you've checked the key yourself
already and thus know the key and trust the signature. If you
haven't, all signatures on that key and the trust you've assigned to
the people who signed it will be taken into account to calculate how
much you can be sure the key was real.

Stefan
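
Added example, not part of the original message and not GnuPG's own code: a simplified Python model of the validity calculation the last paragraph describes. The thresholds are assumed to be the classic trust model defaults (one fully trusted or three marginally trusted signers, certification path of at most five steps), and every key name and signature below is constructed.

```python
# Assumed defaults of GnuPG's classic trust model.
COMPLETES_NEEDED = 1   # signatures needed from fully trusted keys
MARGINALS_NEEDED = 3   # signatures needed from marginally trusted keys
MAX_CERT_DEPTH = 5     # longest allowed path back to your own key

def valid_keys(own_key, signatures, ownertrust):
    """Return {key: depth} for each key the model accepts as genuine.

    signatures: {signed_key: set of keys that signed it}
    ownertrust: {key: "full" | "marginal"}; absent means no trust assigned.
    """
    valid = {own_key: 0}
    # Signatures made by your own key always count in full.
    trust = {**ownertrust, own_key: "full"}
    for depth in range(1, MAX_CERT_DEPTH + 1):
        newly = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature only counts if the signing key is itself valid.
            usable = [s for s in signers if s in valid]
            full = sum(trust.get(s) == "full" for s in usable)
            marginal = sum(trust.get(s) == "marginal" for s in usable)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed sample keyring: "me" has personally signed four keys.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "release": {"alice"},                         # one fully trusted signer
    "two_marginals": {"bob", "carol"},            # below the threshold
    "three_marginals": {"bob", "carol", "dave"},  # meets the threshold
    "stranger": {"eve"},                          # signer key never validated
}
OWNERTRUST = {"alice": "full", "bob": "marginal", "carol": "marginal",
              "dave": "marginal", "eve": "full"}

if __name__ == "__main__":
    for key, depth in valid_keys("me", SIGNATURES, OWNERTRUST).items():
        print(f"{key}: valid at depth {depth}")
```

Trust assigned to "eve" has no effect here because her own key is not valid, which is why trust and validity are tracked separately.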