Mailing List Archive: valid sig, invlalid key?

valid sig, invlalid key?

Aug 23, 2000, 4:47 PM

Post #1 of 3 (457 views)

Our organization recently started signing it's email using GnuPG. A win2000 PGP
6.5.2 user is getting this message when verifying the GnuPG signed email.

*** PGP Signature Status: good
*** Signer: My Company <me@mycompany.com> (Invalid)
*** Signed: 8/23/2000 10:39:46 AM
*** Verified: 8/23/2000 4:20:59 PM
*** BEGIN PGP VERIFIED MESSAGE ***

The message verifies as good, but what's the (Invalid) message?

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: valid sig, invlalid key? [ In reply to ]

ftobin at uiuc

Aug 23, 2000, 5:10 PM

Post #2 of 3 (451 views)

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Turley, at 19:47 -0400 on Wed, 23 Aug 2000, wrote:

> *** PGP Signature Status: good
> *** Signer: My Company <me@mycompany.com> (Invalid)
> *** Signed: 8/23/2000 10:39:46 AM
> *** Verified: 8/23/2000 4:20:59 PM
> *** BEGIN PGP VERIFIED MESSAGE ***
>
> The message verifies as good, but what's the (Invalid) message?

While I personally haven't used PGP in years, "Invalid" is likely PGP's
terminology for something being "not validated"; that is, the receiving
end has not validated through the Web Of Trust that the key actually
belongs to "My Company".

Personally, I really don't like term "invalid" in these scenarios, because
"invalid" is not really the inverse of "valid"; "invalid" positively
reflects something being corrupted, while "valid" positively reflects
authenticity. The situation is more in the middle; "unknown validity".

- --
Frank Tobin http://www.uiuc.edu/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjmkaAoACgkQVv/RCiYMT6MiBACeKxXouAwT9XUh8+CZYpiaolGZ
Ef8An3MTxY5fQbCvV0xwsHrXCWDDp154
=N5Vo
-----END PGP SIGNATURE-----

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: valid sig, invlalid key? [ In reply to ]

dturley at pobox

Aug 23, 2000, 5:21 PM

Post #3 of 3 (452 views)

Permalink

Wow! In less than 30 minutes I receive multiple answers and get the guy off
my back!

Thank you all.

On 24-Aug-2000 Frank Tobin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Turley, at 19:47 -0400 on Wed, 23 Aug 2000, wrote:
>
>> *** PGP Signature Status: good
>> *** Signer: My Company <me@mycompany.com> (Invalid)
>> *** Signed: 8/23/2000 10:39:46 AM
>> *** Verified: 8/23/2000 4:20:59 PM
>> *** BEGIN PGP VERIFIED MESSAGE ***
>>
>> The message verifies as good, but what's the (Invalid) message?
>
> While I personally haven't used PGP in years, "Invalid" is likely PGP's
> terminology for something being "not validated"; that is, the receiving
> end has not validated through the Web Of Trust that the key actually
> belongs to "My Company".
>
> Personally, I really don't like term "invalid" in these scenarios, because
> "invalid" is not really the inverse of "valid"; "invalid" positively
> reflects something being corrupted, while "valid" positively reflects
> authenticity. The situation is more in the middle; "unknown validity".
>
> - --
> Frank Tobin http://www.uiuc.edu/~ftobin/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.2 (FreeBSD)
> Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
>
> iEYEARECAAYFAjmkaAoACgkQVv/RCiYMT6MiBACeKxXouAwT9XUh8+CZYpiaolGZ
> Ef8An3MTxY5fQbCvV0xwsHrXCWDDp154
> =N5Vo
> -----END PGP SIGNATURE-----

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org