-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 15.02.15 16:30, Stephan Beck wrote:
> OK, I give you that, strictly speaking, it might not be the same, > but at the moment I had no other measure at hand to remind me of > being careful with that kind of event. And a bad signature event is > not the ideal event for putting trust in a key owner's identity at > all. You cannot get trust from good or bad mail signatures. You also cannot get distrust. A "bad signature" _only shows one thing_: The message was modified along the way from the signing process (at the senders computer) to the verification process (at your computer). This can be a tool shortcoming, a mail server mangling the contents or the mailinglist software. You cannot decide where the modification took place. So all evidence is technical. There's absolutely no reson to distrust the mail sender. 1000 good mail signatures from him don't show anything regarding his key. 1000 bad signatures either. The only place to get trust to the senders key (i.e. to make it "valid" for you) is to meet the key owner in real life, verify the identity documents, his fingerprint and mail addresses and sign his key if everything is ok. There's no measure to replace this procedure. Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJU4MiTAAoJEDrb+m0Aoeb+lRAP/2MiEq4KQoPRQrBRXQIQ8ayJ tUXFKGVejaTl4KcwUiScqrrBKj2pYMda5kuQagJQThWEGesuzeSPtP7mklVNPCGW htxGNY8SAF6dBCjqLNHTOOeBgLEDKliLv7BLu9Two5/fGsjg6E80ghc/yvnSRzpa Lln6P7W/RhqDhd1ACg4bDeJGf1Sr2kTaMADOTezev4b3bZ6W/OJ+0n10wz/8xR5D 5kTGwVkG0sA4IOUVfFuYz5AM+GfrPHjNUZp5f6IIVbSFLgNbGrxRfN4Xf6ZbHEcH VA/4BDNpD+kN29J+A3cZe+ois3r6BnPXPAwUFgwOD8Mah9bmKgzcBRRj97dnTZC0 6qo6v5XanEljvo7DFjixKxunHQ7pBKXBd3YnbDgDftCvr7QX8KauL88CHirmQh3p gTMupRC9ZZlJ6us7SgCZSRuP1BkuBSnlNhfbpH3Y0moKjbdx8RpTL+fUS1C+o//M RNMg8sKoiUZ33pFkKEAI9Kb1UBHCDD7ye2ZZhsk0tpjNTjQCVxOe7mEhKkz9dila t07u06zlsEEX9hFODHJw4Ph3a7dDiXLg1QHr39G3oSoW7aJ7jnl8gpJLg/J8IWS4 fw8MQvRJKObI2F+a+uSzrDD62U4Utxf/yraX77qIZ2dX94OYWMKoMYwJTQwRnQda sC6bdVe6GB39z87DRsi2 =ZP3O -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
