The Sunday 2006-11-05 at 20:11 -0600, Darryl Gregorash wrote:

> That's why I signed it (locally), but now you are telling us I should not have done that, in case it gets uploaded to a key server with my signature!?

There are two kinds of signings. The normal, default, one is exportable. The other one is local only and not exportable.

From the manual for gpg:

  --edit-key `name'
         Present a menu which enables you to do all key related tasks:

         sign   Make a signature on key of user `name' If the key is
                not yet signed by the default user (or the users given
                with -u), the program displays the information of the
                key again, together with its fingerprint and asks
                whether it should be signed. This question is repeated
                for all users specified with -u.

         lsign  Same as "sign" but the signature is marked as
                non-exportable and will therefore never be used by
                others. This may be used to make keys valid only in
                the local environment.

In Thunderbird, that has a gpg key management section, when I choose to sign a key it will do so as exportable. I have to click "local" manually. In kgpg I don't remember.

Also, I don't even sign locally keys for which I don't have some kind of verification, even if marginal, because key checking will not tell me the difference when reading an email. But that is a personal choice.

--
Cheers,
       Carlos E. R.
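
An added example, not part of the original message: one way to check which of your own certifications on other people's keys are exportable ("sign") and which are local-only ("lsign"). It reads the machine-readable listing from `gpg --with-colons --list-sigs`, where field 11 of a `sig` record is the signature class followed by `x` (exportable) or `l` (local). The key IDs, names and listing lines below are constructed sample data, and the function name is hypothetical.

```python
# Added example (not from the original message). The listing mimics the output
# of: gpg --with-colons --list-sigs
# All key IDs, hashes and names are constructed sample values.
SAMPLE_LISTING = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:1162700000:::-:::scESC:
uid:f::::1162700000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1162700000::::Alice Example <alice@example.org>:13x:
sig:::1:CCCCCCCCCCCCCCCC:1162750000::::Me Myself <me@example.org>:10x:
pub:f:2048:1:BBBBBBBBBBBBBBBB:1162710000:::-:::scESC:
uid:f::::1162710000::0000000000000000000000000000000000000002::Bob Example <bob@example.org>:
sig:::1:BBBBBBBBBBBBBBBB:1162710000::::Bob Example <bob@example.org>:13x:
sig:::1:CCCCCCCCCCCCCCCC:1162760000::::Me Myself <me@example.org>:10l:
sub:f:2048:1:DDDDDDDDDDDDDDDD:1162710000::::::e:
sig:::1:BBBBBBBBBBBBBBBB:1162710000::::Bob Example <bob@example.org>:18x:
"""

# OpenPGP certification signature types (0x10-0x13); 0x18 is a subkey binding.
CERT_CLASSES = {"10", "11", "12", "13"}
KINDS = {"x": "exportable", "l": "local"}


def my_certifications(listing, my_keyid):
    """Return (certified_keyid, user_id, kind) for every certification that
    my_keyid made on someone else's key. kind is 'exportable' or 'local'."""
    found = []
    key = uid = None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            key, uid = f[4], None          # start of a new primary key
        elif f[0] == "uid" and len(f) > 9:
            uid = f[9]                     # user ID (colon-escapes not decoded)
        elif f[0] == "sig" and len(f) > 10 and key is not None:
            signer, sigclass = f[4], f[10]
            if signer != my_keyid or signer == key:
                continue                   # someone else's signature, or a self-signature
            if sigclass[:2] not in CERT_CLASSES:
                continue                   # not a certification of a user ID
            found.append((key, uid, KINDS.get(sigclass[2:], "unknown")))
    return found


if __name__ == "__main__":
    for key, uid, kind in my_certifications(SAMPLE_LISTING, "CCCCCCCCCCCCCCCC"):
        print(f"{kind:10} {key} {uid}")
```

Only the entries reported as exportable would travel with the key if it were exported or sent to a key server.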