[colug-432] Keysigning Party at OLF
Bill Baker
bill_chris at earthlink.net
Sat Sep 3 10:17:24 EDT 2011
I was going to ask how to sign your key, but I found that information on
the web page for the keysigning party. I just wanted to make sure I
knew how to do it in case I ever decided to attend one.
On Sat, 2011-09-03 at 08:00 -0600, Aaron Toponce wrote:
> On Sat, Sep 03, 2011 at 09:51:34AM -0400, Bill Baker wrote:
> > Question: I'm a relative gpg newbie and I'm not sure what to do with
> > that output. I tried doing a "gpg --recv-keys" followed by the key ID.
> > It worked, but now Evolution tells me "Valid signature, but cannot
> > verify sender." Is there any way to change that? Did I miss a step
> > somewhere? I tried googling it, but couldn't find anything useful.
>
> You haven't signed my key, so you haven't built a relationship of trust
> with my key. As a result, GnuPG is telling you that technically speaking,
> the signature is legit, but you don't know me, so I could be some bad guy,
> using a key and signing messages, hoping to steal your secrets.
>
> Thus, the whole point of the keysigning party. We build relationships of
> trust with our keys, called the Web of Trust. The more signatures a key
> has, and the lower the Mean Signature Distance (MSD) on that key, the more
> likely that key is to be trusted.
>
> Here is my "web of trust": http://aarontoponce.org/pubring.gif. I am in the
> pink cirlce. Take any node in that graph, and count the shortest number of
> direct hops it needs to reach me. My MSD is about 5 hops. I'm hoping to get
> that number lower.
>
> Hope that clarifies what it means that Evolution cannot "verify sender".
>
> --
> . o . o . o . . o o . . . o .
> . . o . o o o . o . o o . . o
> o o o . o . . o o o o . o o o
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
More information about the colug-432
mailing list