Re: [Hampshire] [ADMIN] Meeting Instructions

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDr A. J. Trickett at <-
MHugo Mills at ->
Author: Andy Smith
Date:  
To: hampshire
Subject: Re: [Hampshire] [ADMIN] Meeting Instructions

Reply to this message
gpg: failed to create temporary file '/var/lib/lurker/.#lk0x5681b100.hantslug.org.uk.18324': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: Signature made Fri Apr 10 02:05:12 2009 BST
gpg: using DSA key 2099B64CBF15490B
gpg: Can't check signature: No public key
Hi Rik,

On Thu, Apr 09, 2009 at 05:37:13PM +0100, Rik wrote:
> Ahhh - thank you
> gpg --keyserver pgpkeys.mit.edu --recv-key 166C4BF0
> gpg: requesting key 166C4BF0 from hkp server pgpkeys.mit.edu
> gpg: key 166C4BF0: public key "Adam John Trickett
> <adam.trickett@???>" imported
>
> but:
> gpg: no ultimately trusted keys found
> Is that bad?

It's telling you that neither the key you imported nor any of the
ones that signed it are ultimately trusted by you. You just
downloaded and imported a key that claims it is Adam Trickett's, but
you have no way to know if it really is Adam Trickett's key.

If you ever met someone claiming to be this Adam Trickett, and he
could convince you that he really is this Adam Trickett, then you
could record that fact by signing his key. His key would then be
ultimately trusted.

Alternatively, if you met some of the people who claim to be the
ones who signed Adam Trickett's key, and they could convince you
that they were who they said they were, then you could record this
fact by signing their keys.

The fact that one or more of these people you trust *also* trusts
the identity of the person claiming to be Adam Trickett may be
enough to allow you to be convinced too, even though you had not
previously personally verified the identity of Adam Trickett. You
decide how many of these marginal trusts are needed.

This interlinking of ultimate trusts and multiple marginal
trusts forms what is known as the "web of trust" which is the
fundamental means of authenticating identity in PGP.

Without any ultimate or marginal trusts the best you can say is that
you have some data which was signed by someone who claims to be Adam
Trickett and this data is unaltered. Since anyone in the world can
create a new key pair that says it belongs to Adam Trickett, this
alone is not enough to say that the data really comes from the
person you think it does.

For more information, see http://en.wikipedia.org/wiki/Web_of_trust

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB

My words are my own and do not represent Jacqui Caren.
This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-[Hampshire] Saturdays MeetingRe: [Hampshire] [ADMIN] Meeting Instructions->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)