Moin,
On 00-12-18, Joe Philipps wrote:
>I'm curious...do users usually use a separate keyring for things like
>the Mutt list?
Not yet, but I like the idea.
>Most of the messages I read have gpg complain about the veracity of the
>key used to verify the signature, as well I suppose they should because I
>haven't signed them.
You don't have to sign them, only to acknowledge their validity. For
example, I would acknowledge any keys signed by 'ct magazine CERTIFICATE',
because I know how nitpicky they are.
>The thing is, I probably don't want to sign them because other than
>trusting the keyserver, I cannot verify (well, would find it difficult to
>verify) the individual keys.
You don't have to sign them only to add them to your ring. Just add them.
>The reason I might want to have a separate ring (e.g., --keyring
>mutt-users.gpg) is that it would keep them off my "main" keyring
Jepp. Saves time and is easies to manage.
On a related issue, your key is not on the servers:
- - -
[-- PGP-Ausgabe folgt (aktuelle Zeit: Mon Dec 18 09:50:15 2000) --]
gpg: Unterschrift vom Mon 18 Dez 2000 06:29:09 CET, DSA Schlüssel ID FA029353
gpg: Schlüssels FA029353 von wwwkeys.eu.pgp.net wird angefordert ...
gpg: Schlüssel FA029353: Öffentlicher Schlüssel importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1
gpg: FALSCHE Unterschrift von "Joe Philipps (Philipps family sig)
<[EMAIL PROTECTED]>"
[-- Ende der PGP-Ausgabe --]
- - -
(The important line is the last one saying 'WRONG signature from (...)'.)
What's wrong?
On another related issue: I failed to add this address to my key. This
should be fixed now.
Thorsten
PGP signature
