Re: PGP signatures.

Patrick O'Callaghan wrote:
> On Wed, 2008-05-28 at 08:04 -0500, Aaron Konstam wrote:
>> Ok, I agree with your analysis. It can't be ruled as invalid if it had
>> not been retrieved. But I am ignorant. I do not know how to do the
>> signing.
> 
> gpg --sign-key <name>

Bzzt!  Don't do that.  Not unless you have:

    1) Verified the details of the key (fingerprint, size, and type,
    at least)
    
    2) Verified the email address used (perhaps via a simple challenge
    email asking the key holder to sign some data of your choosing and
    return it to you)

    3) Done some sort of validation that the name on the key is really
    the name the key holder is known as

There is nothing to be gained by just signing a key to make the
"invalid" warning go away.  And in fact, it can be harmful.  If you
use --sign-key and then even send that key to someone else or to a
keyserver, others may take your signature to mean that you've done
some or all of the verification I mentioned above.  If you haven't,
you're harming your reputation, as no one wants to trust the
signature from someone that doesn't do any verification.  (Think of
signing a key as you would notarizing a document.  You wouldn't stamp
your seal on something without some checking.)

If you really must silence the warning (and I would argue that there
is no point in that), you can use gpg --lsign-key to create a local
signature.  Such a signature will not ever be exported.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Abandon the search for Truth; settle for a good fantasy.
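
The check in step 1 followed by a local signature, as an added example that is not part of the original message. The function names are hypothetical and the key listing is constructed; the expected fingerprint, size and algorithm id are assumed to come from the key holder over a separate channel.

```shell
#!/bin/sh
# Added example, not from the thread: compare fingerprint, size and type
# with values obtained out of band, and only then make a local signature.

# Constructed sample of `gpg --with-colons --fingerprint <key>` output.
SAMPLE='pub:-:2048:1:89ABCDEF01234567:1211932800:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:2048:1:1111111111111111:1211932800::::::e:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:'

# Strip whitespace and upper-case a fingerprint so formats compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read a colon listing on stdin; print "<fingerprint> <bits> <algo-id>"
# for the first primary key only (subkey fingerprints are ignored).
# pub record: field 3 = key length, field 4 = algorithm id (1 = RSA).
# fpr record: field 10 = fingerprint.
key_details() {
    awk -F: '
        $1 == "pub" && !seen { seen = 1; bits = $3; algo = $4 }
        $1 == "fpr" && seen  { print $10, bits, algo; exit }
    '
}

# Succeed only if the listing on stdin matches all three expected values.
# usage: ... | details_match <fingerprint> <bits> <algo-id>
details_match() {
    want="$(normalize_fpr "$1") $2 $3"
    got=$(key_details)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Verify first, then sign locally. The email and name checks (steps 2
# and 3) still have to be done by a person before calling this.
# usage: verified_lsign <keyid> <fingerprint> <bits> <algo-id>
verified_lsign() {
    if gpg --with-colons --fingerprint "$1" | details_match "$2" "$3" "$4"
    then
        gpg --lsign-key "$1"
    else
        echo "key details do not match; not signing $1" >&2
        return 1
    fi
}
```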
