Does Guard use the Web of Trust
In PGP encryption, there is the Web of Trust – a trust network in which PGP users can mutually sign the validity of their keys, thereby establishing trust in the authenticity of a user who is only indirectly known.
How does this work with mailbox Guard?
In mailbox Guard it is currently not implemented that you can manage and/or evaluate signatures of other users on keys.
Instead, mailbox Guard is based on the fact that you manually import the recipients’ keys into Guard and thereby classify them as valid and trustworthy. Signatures on the keys do not play a role in this process.
Before importing a key, you will be shown, among other things, the fingerprint of the key. You should verify this (and possibly other characteristics) with the sender via a secure second channel (e.g., by phone, SMS, chat, verbally, or in writing) before importing the key – as this is how you extend your trust to them.