> Question for the experts, how can a casual or new GnuPG user, like Alice
> and Bob, detect a Signature forgery on a pub key, when using Web based
> key servers?

By remembering that anyone can create a key claiming to be anyone, and
that seeing a signature allegedly from Werner (or anyone) means
absolutely nothing until and unless you've verified the signing
certificate actually belongs to him.

Key validation -- ensuring a key really belongs to who it says -- is an
important step.  It cannot be skipped.  It is not optional.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
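
The check described in the reply above can be made mechanical. This is an added example, not part of the original message and not GnuPG project code: it reads a constructed listing in the style of `gpg --with-colons --check-sigs` and counts a signature only when its issuer fingerprint is one you verified out of band. The fingerprints, names and records are placeholders, and the field positions are assumed from GnuPG's colon-listing format.

```python
# Added example: sample data below is constructed, not real gpg output.
# Assumed --with-colons layout for "sig" records: field 2 is the check result
# ("!" = signature verifies), field 10 the claimed user ID, field 13 the
# issuer fingerprint (may be missing on older GnuPG versions).

# Fingerprints you confirmed with the owner out of band (placeholder value).
VERIFIED = {"AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111"}

SAMPLE = """\
pub:-:255:22:BBBB2222BBBB2222:1700000000:::-:::scESC:
fpr:::::::::CCCC3333CCCC3333CCCC3333BBBB2222BBBB2222:
uid:-::::1700000000::0000::Bob Example <bob@example.org>:
sig:!::22:AAAA1111AAAA1111:1700000100::::Carol Example <carol@example.org>:10x::AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111:
sig:!::22:DDDD4444DDDD4444:1700000200::::Carol Example <carol@example.org>:10x::DDDD4444DDDD4444DDDD4444DDDD4444DDDD4444:
sig:!::22:EEEE5555EEEE5555:1700000300::::Carol Example <carol@example.org>:10x:
sig:?::22:FFFF6666FFFF6666:1700000400::::[User ID not found]:10x:
"""


def classify_signatures(listing, verified=VERIFIED):
    """Return (claimed_uid, issuer_fpr, verdict) for each sig record."""
    verified = {f.replace(" ", "").upper() for f in verified}
    results = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "sig":
            continue
        f += [""] * (13 - len(f))          # pad short records
        check, uid, fpr = f[1][:1], f[9], f[12].upper()
        if check != "!":
            verdict = "unchecked"          # signer key missing, or bad signature
        elif not fpr:
            verdict = "unknown-issuer"     # a key ID or name is not an identity
        elif fpr in verified:
            verdict = "validated"
        else:
            verdict = "unverified-signer"  # signature checks, identity unproven
        results.append((uid, fpr, verdict))
    return results


if __name__ == "__main__":
    for uid, fpr, verdict in classify_signatures(SAMPLE):
        print(f"{verdict:18} {uid}  {fpr or '-'}")
```

Three of the sample signatures carry the same user ID and all three verify cryptographically; only the one whose fingerprint is in `VERIFIED` is reported as validated.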
