18 Dec
2009
18 Dec
'09
2:40 p.m.
-----Original Message----- From: Wilfried Woeber, UniVie/ACOnet [mailto:Woeber@CC.UniVie.ac.at] Sent: Friday, December 18, 2009 3:23 PM To: Thor Kottelin Cc: ncc-services-wg@ripe.net
Thor Kottelin wrote:
the steps are basically: download the key, check its authenticity, sign it using your copy of PGP
And that is not necessary (or even useful) in order "to just verify the email..."
If you trust the key, you should sign it. Until you have signed the key, PGP considers it invalid, and rightfully warns you should you try to verify a message signed with such a key. Please see e.g. <URL:http://www.mccune.cc/PGPpage2.htm#Bad-Invalid> in "Tom McCune's PGP Questions & Answers". -- Thor Kottelin http://www.anta.net/