Houston, we have a problem
Stefan Claas
stefan.claas at posteo.de
Thu Sep 21 23:24:48 CEST 2017
On Thu, 21 Sep 2017 17:06:18 -0400, Robert J. Hansen wrote:
> > Do i understand you right, i validate Werner's pub key and when
> > i get a signed email from Erika Mustermann the sig should be then
> > o.k. from her, because i signed Werner's key?
>
> No. When you see something claiming to be Werner's sig on Erika's
> certificate, ask yourself:
>
> * Is it correct?
> * Does the signing cert really belong to Werner?
> * Do you trust Werner?
>
> If you can positively answer all three questions 'yes', then you
> should trust it. Otherwise, you shouldn't.
I can only say now i don't know if i should ever "trust" signatures
again on someone else's pub key, because in the past i have had only
communicated with people i did not know personally. And with
Erika's key example while trusting Werner's key i don't like the
idea when clicking in the Web interface on Werner's key-id that
it leads to Werner's key. That's all what i can say now. I better
should start now using my class3 S/MIME certificate...
Regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
More information about the Gnupg-users
mailing list