> Do i understand you right, i validate Werner's pub key and when
> i get a signed email from Erika Mustermann the sig should be then
> o.k. from her, because i signed Werner's key?
No. When you see something claiming to be Werner's sig on Erika's
certificate, ask yourself:
* Is it correct?
* Does the signing cert really belong to Werner?
* Do you trust Werner?
If you can positively answer all three questions 'yes', then you should
trust it. Otherwise, you shouldn't.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
