With the message from Tobias (who is in my keyring now), I get:

*** PGP Signature Status: good, but key has no validity
*** Signer: Tobias Haustein (Informatik IV, RWTH-Aachen) <hausteinat_private-aachen.de>
*** Signed: 08/03/00 at 12:53
*** Verified: 09/03/00 at 8:58

But with the other message, I got:

*** PGP Signature Status: good, Signer <unknown>

or something like that. Looking this signer up, I got the entry for Mike Evans, who was NOT the guy who had signed it.

It may all come down to bad wording, and teaching the users. But most of the simple non-technical users would assume that doing a lookup, and only getting one ID back, would signal that this signature had indeed signed it.

I think that at least the wording should be different. Something like:

*** PGP message signature not validated because sender unknown
*** Signer: unknown / nobody

This would clearly tell end users that something is going wrong. Saying the checksum is OK, without checking and listing the signer's signature, is worse, and would fool more users.

--
--- Povl H. Pedersen - Chief Technology Officer - NetGuide Scandinavia as
Phone: +45 8618 1845 Cellular: +45 4093 5511 Fax: +45 8618 1863
e-mail: mailto:popeat_private - PGP Key ID: 0x8F4BC755