Matthias Bethke wrote:
> As far as I can see, the PGP Global Directory does no verification apart
> from checking that an email address exists, so its signature isn't worth
> much for the WoT. The GSWoT signatures on the other hand mean the owner
> of the key has been personally checked by an introducer. It's a matter
> of taste but I usually don't sign role account keys, I think they should
> be signed by members of the institution (the introducers in this case)
> whom I can choose to trust because their identity can be verified. So as
> I wanted to trust the GSWoT key, I just imported some intermediate keys
> to build a couple of marginal trust paths via people I've met
> personally.

http://xkcd.com/364/

--
Randy Barlow
http://electronsweatshop.com
--
gentoo-security@l.g.o mailing list