RE: [ncc-services-wg] FW: [ncc-announce] New RIPE NCC PGP Key
From: "Cosku Yilmaz" <cosku@cccmos.com> To: <ncc-services-wg@ripe.net>, <ncc-announce@ripe.net> Date: Fri, 18 Dec 2009 12:39:15 +0300
Would you please explain what is need to be done and what the steps are.
Do you use, or intend to start using, PGP? If not, you do not need to do anything. If you do use PGP, the steps are basically: download the key, check its authenticity, sign it using your copy of PGP and add it to a key ring. Then use the new key (instead of the previous one) to verify the email messages you receive from the RIPE NCC. -- Thor Kottelin http://www.anta.net/
Thor Kottelin wrote:
From: "Cosku Yilmaz" <cosku@cccmos.com> To: <ncc-services-wg@ripe.net>, <ncc-announce@ripe.net> Date: Fri, 18 Dec 2009 12:39:15 +0300
Would you please explain what is need to be done and what the steps are.
Do you use, or intend to start using, PGP? If not, you do not need to do anything.
Correct.
If you do use PGP,
or alternatively GnuPG,
the steps are basically: download the key, check its authenticity, sign it using your copy of PGP
And that is not necessary (or even useful) in order "to just verify the email..."
and add it to a key ring. Then use the new key (instead of the previous one) to verify the email messages you receive from the RIPE NCC.
-W
-----Original Message----- From: Wilfried Woeber, UniVie/ACOnet [mailto:Woeber@CC.UniVie.ac.at] Sent: Friday, December 18, 2009 3:23 PM To: Thor Kottelin Cc: ncc-services-wg@ripe.net
Thor Kottelin wrote:
the steps are basically: download the key, check its authenticity, sign it using your copy of PGP
And that is not necessary (or even useful) in order "to just verify the email..."
If you trust the key, you should sign it. Until you have signed the key, PGP considers it invalid, and rightfully warns you should you try to verify a message signed with such a key. Please see e.g. <URL:http://www.mccune.cc/PGPpage2.htm#Bad-Invalid> in "Tom McCune's PGP Questions & Answers". -- Thor Kottelin http://www.anta.net/
Thor Kottelin wrote:
-----Original Message----- From: Wilfried Woeber, UniVie/ACOnet [mailto:Woeber@CC.UniVie.ac.at] Sent: Friday, December 18, 2009 3:23 PM To: Thor Kottelin Cc: ncc-services-wg@ripe.net
Thor Kottelin wrote:
the steps are basically: download the key, check its
authenticity,
sign it using your copy of PGP
And that is not necessary (or even useful) in order "to just verify the email..."
If you trust the key, you should sign it. Until you have signed the key, PGP considers it invalid, and rightfully warns you should you try to verify a message signed with such a key.
OK, then PGP and GnuPG obviously do behave differently. Sorry for the confusion!
Please see e.g. <URL:http://www.mccune.cc/PGPpage2.htm#Bad-Invalid> in "Tom McCune's PGP Questions & Answers".
Wilfried.
participants (2)
-
Thor Kottelin -
Wilfried Woeber, UniVie/ACOnet