List Archive: gentoo-security
Hi Eric,
on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote:
> I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global
> Directory(2) signatures on them. Obviously both websites encourage you
> to download their keys and trust them. While I realize what keys you
> trust is totally up to you, I'm wondering what fellow people do. My
> idea was to /maybe/ add them in as moderates that way they don't run my
> keyring for me, but still vouch for people where necessary.
As far as I can see, the PGP Global Directory does no verification apart
from checking that an email address exists, so its signature isn't worth
much for the WoT. The GSWoT signatures on the other hand mean the owner
of the key has been personally checked by an introducer. It's a matter
of taste but I usually don't sign role account keys, I think they should
be signed by members of the institution (the introducers in this case)
whom I can choose to trust because their identity can be verified. So as
I wanted to trust the GSWoT key, I just imported some intermediate keys
to build a couple of marginal trust paths via people I've met
personally.
cheers,
Matthias
--
I prefer encrypted and signed messages. KeyID: FAC37665
Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665
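
Added example (not part of the original message): a simplified Python model of the classic PGP trust calculation, showing how marginal trust paths through personally verified introducers add up to validity for a role key. The key names and signatures are constructed, and the thresholds are assumed to be GnuPG's defaults for `--marginals-needed`, `--completes-needed` and `--max-cert-depth`.

```python
# Added illustration: simplified classic web-of-trust validity calculation.
# Key names and signatures are constructed; defaults mirror GnuPG's
# --marginals-needed 3, --completes-needed 1, --max-cert-depth 5.
from collections import Counter

def valid_keys(me, sigs, ownertrust, marginals_needed=3,
               completes_needed=1, max_depth=5):
    """Return {key: depth} of keys considered valid from `me`'s point of view.
    sigs maps signer -> set of keys it certified; ownertrust maps a key to
    "full" or "marginal" (anything else counts as untrusted).
    """
    valid = {me: 0}
    for depth in range(1, max_depth + 1):
        full, marginal = Counter(), Counter()
        for signer in valid:  # only valid keys can act as introducers
            level = "ultimate" if signer == me else ownertrust.get(signer)
            for target in sigs.get(signer, ()):
                if level == "ultimate":
                    full[target] += completes_needed
                elif level == "full":
                    full[target] += 1
                elif level == "marginal":
                    marginal[target] += 1
        newly = {k for k in full.keys() | marginal.keys()
                 if k not in valid and (full[k] >= completes_needed
                                        or marginal[k] >= marginals_needed)}
        if not newly:
            break
        valid.update(dict.fromkeys(newly, depth))
    return valid

# Constructed keyring: "me" has met and signed three GSWoT introducers, who
# each signed the GSWoT role key. "dave" carries only the two role signatures.
SIGS = {
    "me": {"alice", "bob", "carol"},
    "alice": {"gswot"}, "bob": {"gswot"}, "carol": {"gswot"},
    "gswot": {"dave"},
    "pgpgd": {"dave"},   # Global Directory key: nobody I trust vouches for it
}

def scenario(introducers, gswot_trust, **opts):
    """Validity map when the given introducers get marginal ownertrust."""
    trust = dict.fromkeys(introducers, "marginal")
    trust["gswot"] = gswot_trust
    return valid_keys("me", SIGS, trust, **opts)

if __name__ == "__main__":
    print(scenario(["alice", "bob", "carol"], "marginal"))
```

With the role key itself set to marginal ownertrust, it becomes valid through the introducers but cannot validate `dave` on its own; the Global Directory key never becomes valid because no trusted key certifies it.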