Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Eric Martin <freak4uxxx@...>
Subject: Re: gpg keys; GSWoT & PGP Global Directory Key
Date: Tue, 01 Apr 2008 14:05:29 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthias Bethke wrote:
| Hi Eric,
| on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote:
|> I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global
|> Directory(2) signatures on them.  Obviously both websites encourage you
|> to download their keys and trust them.  While I realize what keys you
|> trust is totally up to you, I'm wondering what fellow people do.  My
|> idea was to /maybe/ add them in as moderates that way they don't run my
|> keyring for me, but still vouch for people where necessary.
|
| As far as I can see, the PGP Global Directory does no verification apart
| from checking that an email address exists, so its signature isn't worth
| much for the WoT. The GSWoT signatures on the other hand mean the owner
| of the key has been personally checked by an introducer. It's a matter
| of taste but I usually don't sign role account keys, I think they should
| be signed by members of the institution (the introducers in this case)
| whom I can choose to trust because their identity can be verified. So as
| I wanted to trust the GSWoT key, I just imported some intermediate keys
| to build a couple of marginal trust paths via people I've met
| personally.
|
| cheers,
| 	Matthias
Ok, thanks.  I don't have those marginal trust paths but I do have a few
introducers near me and I was planning on getting together and signing
keys.  I'll have to bump those plans up.  Thanks for the pointers.

- --
Eric Martin
PGP fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH8nlpdheOldgSlQgRAjFbAKDALJzGQKNmnJtmIy5Cer99MYQf7QCfYdI+
MqtkNSYdxoqXT2Av0JO51FY=
=Nb2m
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list


References:
gpg keys; GSWoT & PGP Global Directory Key
-- Eric Martin
Re: gpg keys; GSWoT & PGP Global Directory Key
-- Matthias Bethke
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: gpg keys; GSWoT & PGP Global Directory Key
Next by thread:
AUTO: Janek Lünstedt ist außer Haus (Rückkehr am 14.04.2008)
Previous by date:
Re: gpg keys; GSWoT & PGP Global Directory Key
Next by date:
Prince, Samuel is out of the office.


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.