On Wed, Sep 20, 2000 at 04:16:47PM -0500, Ben Beuchler wrote:
> To what is mutt referring when it says "PGP signature could NOT be
> verified."? gpg itself is returning no errors:
>
> [-- PGP output follows (current time: Wed Sep 20 16:14:34 2000) --]
> [-- End of PGP output --]
>
> [-- The following data is PGP/MIME encrypted --]
>
> <blah>
>
> [-- End of PGP/MIME encrypted data --]
>
> But the above mentioned error shows up in the status area at the bottom
> of the mutt screen.
>
> Any thoughts?
>
It means that there is nothing in that PGP signature (more correct PGP
certificate) that makes sure that the certificate belongs to the person
who is named in that certificate. To be sure a certicate belongs to
somebody it has to be certified (the public key must be signed) with a
certificate that undisputable belongs to somebody who is trusted by
both the sender and the recipient. This could be done at PGP signing
parties, or via Certifying Authorities in a Public Key Infrastructure
(CA, PKI, see X.509).
--
Rudi van Houten Department of Mathematics Utrecht University
Budapestlaan 6 - 3584 CD - Utrecht - Netherlands
:-) Fantasy is given mankind to make amends for what he is not,
and a sense of humour as consolation for what he is.
