LeRoy Cressy on 29 Jul 2005 12:18:50 -0000


Re: [PLUG] GPG Signed


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stewart B. Lone wrote:
> gyoza@comcast.net wrote:
> 
>> Eric J. Roode wrote:
>>
>>
>>> To sign a message this way, you have to use an email program that
>>> supports the PGP/MIME protocol.
>>>
>>
>> Thanks.  I had actually worked it out last night.  I looked at the
>> source for a couple messages and I noticed a link that Alexion has in
>> his signature.
>> http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html
>>
>> (Hmm.  I'd like to make it obvious that I signed the message, but the
>> inline signature is a mess.)
>>
>> As far as distributing the public key, I was planning on just giving it
>> to family so we can play with encryption.  Eventually I might want to
>> have my key signed and posted somewhere.
>>
> 
> I understand that you want to make it obvious that you signed the
> message, and it does indeed show a signature. However, [using enigmail]
> in the topline of the visible header, it states "Unverified signature;
> click Pen icon". How do I know it's you? If you use an armored file,
> export pub file option, that could be imported to my keyring, likewise
> from a keyserver. Once it's on my ring, I can set it to a marginal trust
> value and subsequent representations of that key would show as a bad sig
> if it were different. Who has time to inspect each and every sig? If the
> opportunity to exchange keyslips offers itself, then trust could be set
> to ultimate.
The ultimate trust should be reserved for yourself only.
Marginal is for when you sign a key and only marginally verify the
person, whereas fully trusted means that you not only exchanged keyslips
and checked the ID, but you exchanged encrypted email with each other,
verifying the email connection prior to signing the key.

When you sign a key you are asked how well you checked the key that you
are signing:

This is from the gpg man page:

--default-cert-level n
    The default to use for the check level when signing a key.

    0 means you make no particular claim as to how carefully you verified
      the key

    1 means you believe the key is owned by the person who claims to
      own it but you could not, or did not verify the key at all.  This
      is useful for a "persona" verification, where you sign the key of
      a pseudonymous user.

    2 means you did casual verification of the key.  For example, this
      could mean that you verified that the key fingerprint and checked
      the user ID on the key against a photo ID.

    3 means you did extensive verification of the key.  For example,
      this could mean that you verified the key fingerprint with the
      owner of the key in person, and that you checked, by means
      of a hard to forge document with a photo ID (such as a passport)
      that the name of the key owner matches the name in the user ID
      on the key, and finally that you verified (by exchange of
      email) that the email address on the key belongs to the key
      owner.

    Note that the examples given above for levels 2 and 3 are just that:
    examples.  In the end, it is up to you to decide just what "casual"
    and "extensive" mean to you.

    This option defaults to 0 (no particular claim).

3 ends up as fully trusting which reports good signature from
someone@somewhere.com.  The others report untrusted or unverified signature.




--
 Rev. LeRoy D. Cressy  mailto:leroy@lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <
                       FAX:    215-535-4285

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFC6h3jP+/m2oUBr+oRAv8oAJ4yUra8cBhuqCw65/r7Fgr4UBDYbwCdEh6B
6+Rdoe9L96CzbrHfnF/5ouA=
=XSVF
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
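
How the check level quoted from the gpg man page above is recorded on a key, as an added example that is not part of the original message: GnuPG stores levels 0 to 3 as OpenPGP certification signature types 0x10 to 0x13, which appear in field 11 of `gpg --with-colons --list-sigs` output. The sample listing, names and key IDs below are constructed, and the `below_level` review helper is a hypothetical local policy check, not a gpg feature.

```python
# Added example: reads certification check levels from gpg colon-format output.
# SAMPLE is constructed data, not output from a real keyring.
CERT_LEVELS = {
    0x10: (0, "no particular claim"),
    0x11: (1, "persona, key not verified"),
    0x12: (2, "casual verification"),
    0x13: (3, "extensive verification"),
}

SAMPLE = """\
pub:f:1024:17:1111111111111111:1122000000:::-:::scESC:
uid:f::::1122000000::HASH::Alice Example <alice@example.org>:
sig:::17:1111111111111111:1122000000::::Alice Example <alice@example.org>:13x:
sig:::17:2222222222222222:1122100000::::Bob Example <bob@example.org>:10x:
sig:::17:3333333333333333:1122200000::::Carol Example <carol@example.org>:12x:
sig:::17:4444444444444444:1122300000::::Dave Example <dave@example.org>:13l:
rev:::17:5555555555555555:1122400000::::Eve Example <eve@example.org>:30x:
"""

def certifications(colon_output):
    """Return one dict per certification signature (types 0x10-0x13)."""
    results, primary = [], None
    for line in colon_output.splitlines():
        # Colons inside user IDs are escaped as \x3a, so a plain split is safe.
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            primary = f[4]                      # key ID of the key being listed
        if f[0] != "sig" or len(f) < 11 or len(f[10]) < 2:
            continue
        try:
            sig_type = int(f[10][:2], 16)       # two hex digits: signature type
        except ValueError:
            continue
        if sig_type not in CERT_LEVELS:
            continue                            # not a user ID certification
        level, meaning = CERT_LEVELS[sig_type]
        results.append({
            "signer": f[4], "uid": f[9], "level": level, "meaning": meaning,
            "exportable": f[10][2:3] == "x",    # 'l' marks a local-only signature
            "self_sig": f[4] == primary,
        })
    return results

def below_level(certs, minimum):
    """Hypothetical review helper: third-party signers under a chosen level."""
    return [c["signer"] for c in certs
            if not c["self_sig"] and c["level"] < minimum]

if __name__ == "__main__":
    for c in certifications(SAMPLE):
        print(c["signer"], c["level"], c["meaning"], c["uid"])
```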