Kmail does not import gpg keys automatically?
On Monday 11 February 2008, Patrick Holthaus wrote:
> Hi and thanks for the reply!
> > I use hkp://subkeys.pgp.net as my default keyserver and do not seem to
> > have such a problem (unless I open a new message offline, which has a new
> > key that has not been imported yet from the keyserver).
> I changed the default server to the one you use. It seems to work now.
> gpg --refresh-keys had an error with the MIT server and it works with
> Nevertheless I have to set the trust to ultimately of each imported key in
> KGPG, right?
NO! Only if you trust the guy who owns the key. That trust can only be
gained if you have verified (in person) that he is the owner of the
registered email address and pgp key! Otherwise, the whole principle of "Web
of Trust" falls apart. That's what the key exchange meetings are all about.
Now, you can't meet everyone in person who has a pgp key, right? But if you
have verified that Bob is who he says he is and his key matches up to his
email address, and Bob has gone through the same process with Fred, then by
implication you may chose to also trust Fred and any others that Bob has
verified. For obvious reasons you may chose to mark Fred's key as trusted to
a lesser degree than Bob's.
Have a look at these links for more info on this subject: