> Something isn't configured properly in your GnuPG. It sounds like it > doesn't trust YOUR key.
entirely possible but i think everything is set up correctly. here is what i get when i run a check on my key: pub 1024D/7D224574 created: 2002-01-09 expires: never trust: -/u sub 1024g/CB44AB9B created: 2002-01-09 expires: never (1). Peter T. Abplanalp <[EMAIL PROTECTED]> Command> check uid Peter T. Abplanalp <[EMAIL PROTECTED]> sig! 7D224574 2002-01-09 [self-signature] sig! 09468BD5 2002-02-06 Peter T. Laird <[EMAIL PROTECTED]> here is what i get when i run a check on your key: pub 1024D/18A4D476 created: 2000-05-03 expires: never trust: -/q sub 1024g/F43253AD created: 2000-05-03 expires: never (1). Shawn McMahon <[EMAIL PROTECTED]> Command> check uid Shawn McMahon <[EMAIL PROTECTED]> sig! 18A4D476 2000-05-03 [self-signature] sig! 7D224574 2002-04-01 Peter T. Abplanalp <[EMAIL PROTECTED] which leads me to believe that everything is as it should be. finally, here is the output of gpg when i view an email signed by (presumably) you: gpg: Signature made Mon Apr 1 11:53:14 2002 MST using DSA key ID 18A4D476 gpg: Good signature from "Shawn McMahon <[EMAIL PROTECTED]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: 0488 2065 CC6B 20CB 31E5 6529 FD1D F6BB 18A4 D476 which is the same message i get from gpg on a signed email for which i did not sign the key. so what is up with that? after lsigning the key, i figured i would lose the warning because i had signed the key with my own. > That's good judgement. right. that is what i thought. so the question remains, how does one develop a web of trust using good judgement while probably being unable to verify anyone's identity outside of long distance (email, phone, fax, etc) means? -- Peter Abplanalp Email: [EMAIL PROTECTED] PGP: pgp.mit.edu
msg26490/pgp00000.pgp
Description: PGP signature
