OT: PGP newbie question {Scanned by HJMS}

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Thu Oct 2 21:19:12 IST 2003

> -----Original Message-----
> From: Denis Beauchemin [mailto:Denis.Beauchemin at USHERBROOKE.CA]
> Sent: Thursday, October 02, 2003 3:04 PM
> Subject: Re: OT: PGP newbie question {Scanned by HJMS}
> gpg: checking the trustdb
> gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> Is this normal?

It means no one trusts Julian. ;-)  Er, actually, it means no one has yet
signed his key indicating that they believe it really belongs to someone
named Julian Fields.

The way PGP works is that you start by getting one person to trust you -
then others are more likely to trust you.  If they believe your key is
really yours, then they can give your key more credibility by "signing" your
key, indicating that they believe it's valid.  The more people sign your
key, the less likely you are to have to keep answering questions like the
one you just asked.

I personally don't think it would be that difficult (provided the proper
monetary incentive) to trick a significant number of people into trusting
the wrong key, but that's definitely a long, very off-topic discussion for a
different mailing list. :-)  And I'm a paranoid freak by nature.
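
An added example, not part of the original message: the warning quoted above separates two questions, whether the signature is cryptographically good and whether the key is certified as belonging to its owner. This sketch classifies `gpg --status-fd` output along those lines; the status lines, the fingerprint, the verdict strings and the optional pinned-fingerprint check are constructed for illustration.

```python
# Added example. Status lines and the fingerprint below are constructed samples.
PREFIX = "[GNUPG:] "
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
VALIDATED = {"TRUST_FULLY", "TRUST_ULTIMATE"}  # key certified via your own trustdb

FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
SIG = (
    f"{PREFIX}GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"{PREFIX}VALIDSIG {FPR} 2003-10-02 1065125952 0 3 0 17 2 00 {FPR}\n"
)
UNCERTIFIED = SIG + f"{PREFIX}TRUST_UNDEFINED\n"  # the case in the quoted output
CERTIFIED = SIG + f"{PREFIX}TRUST_FULLY\n"
TAMPERED = f"{PREFIX}BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"


def normalize(fpr):
    """Strip the spacing gpg prints in fingerprints and upper-case the hex."""
    return "".join(fpr.split()).upper()


def classify(status_text, pinned_fpr=None):
    """Return a verdict string for one signature's status-fd output.

    pinned_fpr is a fingerprint obtained out of band (hypothetical parameter);
    it stands in for certification when nobody you trust has signed the key.
    """
    good, fpr, trust = False, None, None
    for line in status_text.splitlines():
        parts = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if not parts:
            continue
        token, args = parts[0], parts[1:]
        if token in FAILED:
            return "signature-not-verified"
        if token == "GOODSIG":
            good = True
        elif token == "VALIDSIG" and args:
            # The tenth field is the primary key fingerprint when gpg emits it.
            fpr = args[9] if len(args) >= 10 else args[0]
        elif token.startswith("TRUST_"):
            trust = token
    if not (good and fpr):
        return "signature-not-verified"
    if trust in VALIDATED:
        return "good-signature-key-validated"
    if pinned_fpr and normalize(pinned_fpr) == normalize(fpr):
        return "good-signature-fingerprint-matches-pin"
    return "good-signature-key-unverified"
```
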
