| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Matthias Bethke wrote: |
| 5 |
| Hi Eric, |
| 6 |
| on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote: |
| 7 |
|> I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global |
| 8 |
|> Directory(2) signatures on them. Obviously both websites encourage you |
| 9 |
|> to download their keys and trust them. While I realize what keys you |
| 10 |
|> trust is totally up to you, I'm wondering what fellow people do. My |
| 11 |
|> idea was to /maybe/ add them in as moderates that way they don't run my |
| 12 |
|> keyring for me, but still vouch for people where necessary. |
| 13 |
| |
| 14 |
| As far as I can see, the PGP Global Directory does no verification apart |
| 15 |
| from checking that an email address exists, so its signature isn't worth |
| 16 |
| much for the WoT. The GSWoT signatures on the other hand mean the owner |
| 17 |
| of the key has been personally checked by an introducer. It's a matter |
| 18 |
| of taste but I usually don't sign role account keys, I think they should |
| 19 |
| be signed by members of the institution (the introducers in this case) |
| 20 |
| whom I can choose to trust because their identity can be verified. So as |
| 21 |
| I wanted to trust the GSWoT key, I just imported some intermediate keys |
| 22 |
| to build a couple of marginal trust paths via people I've met |
| 23 |
| personally. |
| 24 |
| |
| 25 |
| cheers, |
| 26 |
| Matthias |
| 27 |
Ok, thanks. I don't have those marginal trust paths but I do have a few |
| 28 |
introducers near me and I was planning on getting together and signing |
| 29 |
keys. I'll have to bump those plans up. Thanks for the pointers. |
| 30 |
|
| 31 |
- -- |
| 32 |
Eric Martin |
| 33 |
PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F |
| 34 |
-----BEGIN PGP SIGNATURE----- |
| 35 |
Version: GnuPG v1.4.7 (MingW32) |
| 36 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 37 |
|
| 38 |
iD8DBQFH8nlpdheOldgSlQgRAjFbAKDALJzGQKNmnJtmIy5Cer99MYQf7QCfYdI+ |
| 39 |
MqtkNSYdxoqXT2Av0JO51FY= |
| 40 |
=Nb2m |
| 41 |
-----END PGP SIGNATURE----- |
| 42 |
-- |
| 43 |
gentoo-security@l.g.o mailing list |
Archives