Red Hat DIRECTORY SERVER 8.1 - 11-01-2010 User Manual Page 40

sign other people's keys to successfully use GnuPG or Enigmail. To participate,
when you receive a public key and have verified both its fingerprint and the
identity of the key owner (either because you know him/her or by means of an ID
card, passport, driving license...), you sign the key to endorse the ownership of
that public key to that person.
You can sign a key by selecting it and choosing Edit → Sign Key from Key
Management, or by clicking the Sign Key button from Key Properties. A window
will pop up, asking you how carefully you have verified the identity of the key
owner. Choose an answer and click on OK. Your signature will then be
attached to that public key; if the key was already signed by other people, your
signature will be added to the list. When a key is exported, the list of signatures
is exported with it.
Once you have signed a public key, you should return it (for instance in a signed
email message) to the owner so he can redistribute it and upload it again on a
keyserver.
Note that you can upload your public keyring to a keyserver by means of the
menu command Keyserver → Upload Public Keys, but this is not considered
good PGP netiquette: only the owner of a key pair should upload his public key.
In many cases you will want to perform a local signature only to mark keys on
your keyring as valid, without having them checked carefully. This is done by
ticking the option Local signature (cannot be exported) in the Sign Key window.
In fact, you should only sign keys as non-local (exportable) if you have carefully
checked the identity of the owner and the ownership of the key, as already said,
and if you intend to send the key back to the owner once you have signed it.
7.7.2. Trust levels
In addition to this, it is possible to subjectively decide the level of trust assigned
to a particular key signer. In the previous example, Alice could decide that she
does not trust Bob, because he is known for happily signing any public key he
gets his hands on without caring to verify the owner's identity. In this case she
sets the trust level of key 0xBBBBBBBB (the key Bob uses to sign other
people's public keys) to None.
Here, “trust” refers solely to Bob's capacity to properly validate public keys. It
does not imply anything else concerning Bob as a person, such as his
trustworthiness, his being a law-abiding citizen, or any of his moral qualities.
Nor does it concern whether the content of Bob's messages is truthful.
There are five levels of trust:
Unknown. Nothing can be said about the owner's judgement in key
signing. This is the trust level initially associated with other people's public
keys in your keyring.
None. The owner is known to improperly sign keys.
Marginal. The owner is known to properly sign keys.
Full. The owner is known to put great care in key signing.
Ultimate. The owner is known to put great care in key signing, and is
allowed to make trust decisions for you.
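
How the trust level Alice assigns to Bob's key changes which keys her keyring accepts, as an added example that is not part of the original handbook: a simplified Python model of GnuPG's classic trust calculation with its default thresholds (one fully trusted or three marginally trusted signatures, at most five levels deep). The key IDs 0xAAAAAAAA and 0xCCCCCCCC and the signature graph are constructed; expiry, revocation and multiple user IDs are not modelled.

```python
from enum import Enum

class Trust(Enum):
    UNKNOWN = 0
    NONE = 1
    MARGINAL = 2
    FULL = 3
    ULTIMATE = 4

COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed

def valid_keys(ownertrust, signatures, max_depth=5):
    """Return the key IDs this keyring treats as valid.

    ownertrust: key ID -> Trust assigned to that key's owner as a signer
    signatures: key ID -> set of key IDs that signed it
    """
    # Your own key(s) carry ultimate trust and are valid by definition.
    valid = {k for k, t in ownertrust.items() if t is Trust.ULTIMATE}
    for _ in range(max_depth):
        newly = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature counts only if the signing key is itself valid.
            levels = [ownertrust.get(s, Trust.UNKNOWN)
                      for s in signers if s in valid]
            full = levels.count(Trust.FULL)
            marginal = levels.count(Trust.MARGINAL)
            if (Trust.ULTIMATE in levels or full >= COMPLETES_NEEDED
                    or marginal >= MARGINALS_NEEDED):
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed keyring: Alice signed Bob's key, Bob signed Carol's key.
ALICE, BOB, CAROL = "0xAAAAAAAA", "0xBBBBBBBB", "0xCCCCCCCC"
SIGS = {BOB: {ALICE}, CAROL: {BOB}}

def carol_valid(bob_trust):
    """Is Carol's key valid for Alice, given the trust Alice puts in Bob?"""
    trust = {ALICE: Trust.ULTIMATE, BOB: bob_trust}
    return CAROL in valid_keys(trust, SIGS)
```

With Bob's trust set to None, his key stays valid (Alice signed it) but his signature on Carol's key counts for nothing.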