-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-11-05 at 12:22 -0900, John Andersen wrote:
On Sunday 05 November 2006 04:47, Carlos E. R. wrote:
That's wrong: how can you sign his key if you don't know him personally?
Signing somebody else's key means that you have verified that he is really that person and that _that_ key belongs to him. This is usually done by meeting in person.
Who one chooses to trust is up to that person.
That's not the question. Did you read the manual? PGP/GPG signatures are based in a web of trust. By signing a key you are telling the rest of the world (not yourself) that you certify that the key you are signing does in fact belong to the correct person. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFTmmdtTMYHG2NR9URAsUmAJ9cA+MG1x6tjkR4E+5S7jQsC7lYDACfdVCC qVxUgJhvdjed31WJvyexkLM= =Irpc -----END PGP SIGNATURE-----