Re: trusting public keys


 



Jeff Lee wrote:

Would it be a safe bet for me to go ahead and mark people that I receive email from on this list as trusted with gnupg? I realize that I shouldn't *sign* the key without meeting people or thoroughly checking out their identity. However, as far as I'm concerned you all should match your email addresses that you're posting with.

Make sure you understand the difference between a trusted person and a valid key. The ownertrust values are used when calculating how valid keys are. Someone's signature on a key can make the key valid, but only if you trust the person who signed it. So you mark a person as trusted if you're confident that he/she has no malicious intent and that he/she knows to check that a key is authentic before signing it.


To be able to verify that one email is from the same person as another email, signing the key is what you want to do. I suggest that you make a non-exportable signature (that is, for your own use only), and when asked how well you have checked the key you choose "1", which is recommended for pseudonyms.

Björn Persson
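
The distinction between ownertrust and key validity described in the reply above can be seen in a small model. This is an added example, not part of the original post and not GnuPG's code: a simplified Python model of the classic trust model, assuming GnuPG's default thresholds (one fully trusted or three marginally trusted signers) and a constructed keyring whose names are all hypothetical.

```python
# Simplified model of GnuPG's classic trust model (illustration only).
# Assumed thresholds: GnuPG defaults --completes-needed 1, --marginals-needed 3.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3

def valid_keys(own_key, ownertrust, signatures, max_depth=5):
    """Return the set of keys this model considers valid.

    ownertrust: key -> "full" or "marginal" (absent means not trusted)
    signatures: key -> set of keys that have signed it
    """
    valid = {own_key}  # your own key is ultimately trusted
    for _ in range(max_depth):  # each pass extends the trust path by one step
        newly = set()
        for target, signers in signatures.items():
            if target in valid:
                continue
            counted = signers & valid  # signatures from non-valid keys are ignored
            full = sum(ownertrust.get(s) == "full" for s in counted)
            marginal = sum(ownertrust.get(s) == "marginal" for s in counted)
            if (own_key in counted or full >= COMPLETES_NEEDED
                    or marginal >= MARGINALS_NEEDED):
                newly.add(target)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed keyring: who has signed whose key.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "jeff": {"me"},               # the local (non-exportable) signature
    "poster": {"alice"},          # signed by a fully trusted, valid key
    "stranger": {"bob", "carol"}, # only two marginal signers
    "gina": {"frank"},            # frank is trusted, but his key is not valid
    "jeff_friend": {"jeff"},      # jeff's key is valid, but jeff is not trusted
}
# Constructed ownertrust: how far each person is trusted as a signer.
OWNERTRUST = {"alice": "full", "bob": "marginal",
              "carol": "marginal", "frank": "full"}

if __name__ == "__main__":
    print(sorted(valid_keys("me", OWNERTRUST, SIGNATURES)))
```

Signing jeff's key makes that key valid without giving jeff's own signatures any weight, and assigning ownertrust to frank has no effect while frank's key is itself not valid.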


