-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Neil Williams wrote:
> As I said, you can verify my key via someone else. Once your key is in the
> "strong set" this becomes a lot easier. I regularly come across keys used on
> this list that are instantly verified by the web of trust.
>
> The
Neil Williams wrote:
> As I said, you can verify my key via someone else. Once your key is in the
> "strong set" this becomes a lot easier. I regularly come across keys used on
> this list that are instantly verified by the web of trust.
>
> The web of trust is scalable - you just need the oppo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And, of course I read this with Enigmail telling me that I received an
"UNTRUSTED, Good Signature" from you. Of course, I could slap a "Local
Sig" on your Key, but I prefer letting the Blue stripes remind me that
we haven't met, nor have our Keys "b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Neil Williams wrote:
> On Saturday 22 October 2005 9:20 pm, [EMAIL PROTECTED] wrote:
>
>>2. WoT is problematic in that it is very sparse.
>
>
> In certain areas, maybe. The only solution to that is to get more keysigning
> done.
>
And to get m
On Saturday 22 October 2005 10:14 pm, Neil Williams wrote:
> I have not met everyone I can trust via the web of trust. From David's
> stats, I have 20 or so signatures that link within the main set and I can
> trust some 1400 keys that way.
Sorry, that should be Jason's stats, not David's.
Look
On Saturday 22 October 2005 9:20 pm, [EMAIL PROTECTED] wrote:
> > The web of trust enables such verification - if you can't meet me in
> > person, you can verify my key by having your key signed by someone who
> > has met me (there are lots).
> >
> > Until that happens, you have no way of trusting
* [EMAIL PROTECTED] wrote:
> On Sat, Oct 22, 2005 at 07:31:54PM +0100, Neil Williams wrote:
> >
> > That is exactly my point, NOBODY should rely on ANY of that information to
> > identify a key. The only identifier for a key is the fingerprint. You MUST
> > verify the fingerprint with the perso
On Sat, Oct 22, 2005 at 07:31:54PM +0100, Neil Williams wrote:
>
> That is exactly my point, NOBODY should rely on ANY of that information to
> identify a key. The only identifier for a key is the fingerprint. You MUST
> verify the fingerprint with the person and only then can you be sure that t
On Saturday 22 October 2005 5:26 pm, B. Kuestner wrote:
> Wow, is it just me or does anybody else consider this a major design
> flaw of the whole setup?
It is actually a component of one of the major strengths - the web of trust.
1. It is made perfectly clear that you are the sole protector of y
["B. Kuestner" <[EMAIL PROTECTED]>, Sat, 22 Oct 2005 18:26:51 +0200]:
> Am I missing something?
The web of trust. (And the documentation, apparently.)
Either you personally verify the key with your recipient (in which
case you know which key is the right one), or (slightly simplifying)
you choos
Thanks David.
I understand that technically there is no software command that I
could send off anywhere that could fix the situation, right?
If you don't have the private key, then yes, right. There is nothing
you can do about it.
I feared so after I read up on all this stuff.
Wow, is it j
Hi,
[Please honor Mail-Followup-To and Cc me on replies: I am not subscribed
to this list.]
Summary: please tell me how to handle S/MIME decryption and verification
with gpgsm.
I am working on integrating PGP and S/MIME with the Mailman mailing list
manager, see http://non-gnu.uvt.nl/pub/mailman
12 matches
Mail list logo
