Jason Spatafore wrote:
| On Sunday 01 May 2005 16:01, Patrick Fleming, EA wrote:
|
|>| 2) Thunderbird already has excellent email encryption support through
|>| the Enigmail extension, which uses GPG to encrypt/decrypt and
|>| sign/verify emails transparently. It works beautifully, and it's
|>| completely open technology. I signed this message using the Enigmail
|>| plugin as an example, and it took all of 2 mouse clicks (OK, it took 4
|>| more when I first set up Enigmail, but that only needs to happen once).
|
|
| That would explain the:
|
| Message was signed with unknown key 0x2FA4FA17.
| The validity of the signature cannot be verified.
|
| I get when viewing your emails. :) Does this mean I have to take an
extra step
| to add you to something so your email authenticity is defined on my
system?
| I'm curious.
|
It means that my key hasn't been imported into your keyring. The
command to do that is:
gpg --import [Filename]
But, wait, how do you know it's really me? It would be nice if there
was a way to tell if I'm who I say I am before importing an unknown key.
~ And there is.
Go to pgp.mit.edu and type in my e-mail address. If you check the box
marked "Show PGP fingerprints for keys" You'll see that the fingerprint
there matches the fingerprint attached to the e-mail you received.
Better, but it really doesn't prove much be itself. Now click on my
e-mail address on the pgp.mit.edu site you'll see that my key has been
signed by two other PLUG members. Seeing they have verified that I am
who I say I am and assuming they are people *you* trust as well, then
you can assume that I am, indeed, who I say I am. This is known as the
"Web of Trust."
Dennisk
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)