gpg: failed to create temporary file '/var/lib/lurker/.#lk0x56f6f100.hantslug.org.uk.4506': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: Signature made Fri Apr 10 02:17:20 2009 BST
gpg: using DSA key 20ACB3BE515C238D
gpg: Can't check signature: No public key
On Fri, Apr 10, 2009 at 01:05:12AM +0000, Andy Smith wrote:
> On Thu, Apr 09, 2009 at 05:37:13PM +0100, Rik wrote:
> > Ahhh - thank you
> > gpg --keyserver pgpkeys.mit.edu --recv-key 166C4BF0
> > gpg: requesting key 166C4BF0 from hkp server pgpkeys.mit.edu
> > gpg: key 166C4BF0: public key "Adam John Trickett
> > <adam.trickett@???>" imported
> >
> > but:
> > gpg: no ultimately trusted keys found
> > Is that bad?
>
> It's telling you that neither the key you imported nor any of the
> ones that signed it are ultimately trusted by you. You just
> downloaded and imported a key that claims it is Adam Trickett's, but
> you have no way to know if it really is Adam Trickett's key.
>
> If you ever met someone claiming to be this Adam Trickett, and he
> could convince you that he really is this Adam Trickett, then you
> could record that fact by signing his key. His key would then be
> ultimately trusted.
Not quite, as I understand it. "Ultimate trust" would be what you
give to your *own* key(s), and no others (i.e. you, personally, should
have no doubts about the legitimacy of the keys you control). Keys
you've checked the validity of and signed are still less trusted than
"ultimate trust" -- see Andy's comments below.
> Alternatively, if you met some of the people who claim to be the
> ones who signed Adam Trickett's key, and they could convince you
> that they were who they said they were, then you could record this
> fact by signing their keys.
>
> The fact that one or more of these people you trust *also* trusts
> the identity of the person claiming to be Adam Trickett may be
> enough to allow you to be convinced too, even though you had not
> previously personally verified the identity of Adam Trickett. You
> decide how many of these marginal trusts are needed.
>
> This interlinking of ultimate trusts and multiple marginal
> trusts forms what is known as the "web of trust" which is the
> fundamental means of authenticating identity in PGP.
[...]
> For more information, see http://en.wikipedia.org/wiki/Web_of_trust
There's also a handy HantsLUG talk on the subject:
http://www.hants.lug.org.uk/cgi-bin/wiki.pl?TechTalks/2ndFebruary2008
Hugo.
--
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
--- emacs: Eighty Megabytes And Constantly Swapping. ---
