-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Steven W. Orr wrote:
> When I got your key, AND I know it came from you, then I set your key in my > ring with owner trust of "trusted". But I didn't set the key validity. My > understanding is that if I set your key validity then I'm signing my > public key with your public key. (Someone please correct me if I'm way off.) First; You cannot Sign Your Key with a Key belonging to someone else. In order to Sign a Key Ya gotta have the Secret/Private half + the Passphrase. You Sign the OP's Key with Your Key. This may done using a 'Local' signature that exists _only_ within Your Keyring or You may Sign the Key with an 'Exportable' signature which is then visible to Others when the OP's Key is exported & shared. > Then for other people to see that I trust you, I would then have to re-upload > my public key to the keyserver network. Only those people who would refresh my > key from the servers would then see that I trust you. > > Can someone please confirm that what I just said is correct? No, the above paragraph is not correct. For others to 'see' that You trust the OP they would have to Import their Key with Your exportable signature displayed on it. Refreshing Your Key on the Servers is only necessary when/if the OP Signs Your Key with theirs using an Exportable Sig and You wish to display to the Universe that They trust You. This might be a good time to 'refresh' the proper netiquette regarding signature sharing. The proper method is to Sign a Key with an Exportable signature and then _return_ the signed Key directly to the Key Owner. The decision as to whether or not to 'share' Your trust in them should be theirs to make. > If this is true, then how do I know how often I need to refresh the public > keys that I have on my keyring? This is a personal decision. As a General Rule I only refresh a Key manually when I am specifically interested in that specific Key's signatures and/or UID status or whenever I notice that it is showing 'Expired' and I wish to determine if the Key is still useful. Refreshing, discarding & cleaning Key falls under the rubric of Keyring Maintenance. Like all maintenance; the frequency & intensity is determined by the individual Keyring Owner. HTH JOHN ;) Timestamp: Saturday 13 Jun 2009, 08:06 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn5042: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJKM5ZJAAoJEBCGy9eAtCsPlyIH/RdG/tplZY7xz3S3Im0HOC8F TSay8dgxSfzWoTwBVPepbC/qu8hKcupAAgRNbAotvAY8tn60jBCHV8AJS1UMiat6 T4th0/cQmKbtmh1y0w8nv3waT7PwYh49Vw/TWWfVJD+r7d6qbNI/tQ4IJybTnZ7z 2FOv/kE3WbAb/D22oRR7XCIBhUyvsBPwFvlJZy5N9mLgb3Fbz4ApujhVO0gMTMcL kqjmLTEWh78+N8EUQrG9C+bC4lJpZD4Zy7oRRmS0QGi5XAD2vFIEq1cCpWm908E7 Bp0H25ZhK7XV5cx2IVjVFPUyJAB0VKcFQE5MBPv2c+RQTGU1rsrb/Zgcxym/xLk= =vSDc -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
