[mew-int 01529] Re: PGP question
Kazu Yamamoto ( 山本和彦 )
kazu at example.com
Fri Sep 12 16:23:16 JST 2003
From: Werner LEMBERG <wl at example.com>
Subject: [mew-int 01520] PGP question
> After PGP verifying I often get this:
>
> <body> Good PGP sign "Ruslan Ermilov (FreeBSD Ukraine)
> <ru at example.com>" UNDEFINED
>
> What does the `UNDEFINED' mean? I can't find an explanation in the
> mew docs.
When you use PGP, you should understand validity and trust first.

Validity is a parameter to describe how much you can trust that a
public key belongs to the person whom its ID specifies.

Validity can have four values:

    complete
    marginal
    untrusted
    undefined

When you use a public key of another person (creating an encrypted
message or verifying his signature), validity is important, as you can
guess.

PGP 2.3 warns you according to the value of validity:

    complete:
        nothing (yes, you think 100% this public key belongs to him)
    marginal:
        "WARNING: Because this public key is not certified with enough
        trusted signatures, it is not known with high confidence that
        this public key actually belongs to:"
    untrusted:
        "WARNING: This public key is not trusted to actually belong to:"
    undefined:
        "WARNING: Because this public key is not certified with a
        trusted signature, it is not known with high confidence that
        this public key actually belongs to:"

Note that validity is calculated with trust values which you set. This
is the heart of the "web of trust". You should understand this before you
start using PGP.

Unfortunately, the O'Reilly book "PGP" does not explain what the web of
trust is. So, I added one section to explain it when I translated it
into Japanese. :-)

--Kazu
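
Added example, not part of the original message and not code from PGP or Mew: a simplified Python model of how validity follows from the trust values you set, showing why a signature can verify as good while the signer's key is still "undefined". The thresholds (one completely trusted or two marginally trusted signers), the key names and the signature graph are assumptions constructed for illustration, and the "untrusted" level is not modelled.

```python
from fractions import Fraction

def key_validity(signatures, owner_trust, own_key,
                 completes_needed=1, marginals_needed=2):
    """Derive validity for every key from the trust you set on introducers.

    signatures:  {key: set of keys that signed it}
    owner_trust: {key: "complete" | "marginal"}, the values you assigned
    The two thresholds are assumptions of this sketch, passed as parameters.
    """
    validity = {own_key: "complete"}   # your own key is the root
    changed = True
    while changed:                     # repeat until no key is upgraded
        changed = False
        for key, signers in signatures.items():
            if key == own_key:
                continue
            weight = Fraction(0)
            for signer in signers:
                # A signature counts only if the signer's key is itself valid.
                if validity.get(signer) != "complete":
                    continue
                trust = owner_trust.get(signer)
                if trust == "complete":
                    weight += Fraction(1, completes_needed)
                elif trust == "marginal":
                    weight += Fraction(1, marginals_needed)
            if weight >= 1:
                level = "complete"
            elif weight > 0:
                level = "marginal"     # trusted signatures, but not enough
            else:
                level = "undefined"    # no trusted signature at all
            if validity.get(key) != level:
                validity[key] = level
                changed = True
    return validity

# Constructed sample keyring: "me" signed alice, bob and carol directly.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "dave": {"alice"},            # one completely trusted signer
    "erin": {"bob"},              # one marginally trusted signer
    "frank": {"bob", "carol"},    # two marginally trusted signers
    "unknown_sender": {"stranger"},  # signed only by a key you know nothing about
}
OWNER_TRUST = {"me": "complete", "alice": "complete",
               "bob": "marginal", "carol": "marginal"}
RESULT = key_validity(SIGNATURES, OWNER_TRUST, "me")
```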