-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthias Bethke wrote:
| Hi Eric,
| on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote:
|> I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global
|> Directory(2) signatures on them. Obviously both websites encourage you
|> to download their keys and trust them. While I realize what keys you
|> trust is totally up to you, I'm wondering what fellow people do. My
|> idea was to /maybe/ add them in as moderates that way they don't run my
|> keyring for me, but still vouch for people where necessary.
|
| As far as I can see, the PGP Global Directory does no verification apart
| from checking that an email address exists, so its signature isn't worth
| much for the WoT. The GSWoT signatures on the other hand mean the owner
| of the key has been personally checked by an introducer. It's a matter
| of taste but I usually don't sign role account keys, I think they should
| be signed by members of the institution (the introducers in this case)
| whom I can choose to trust because their identity can be verified. So as
| I wanted to trust the GSWoT key, I just imported some intermediate keys
| to build a couple of marginal trust paths via people I've met
| personally.
|
| cheers,
| Matthias
Ok, thanks. I don't have those marginal trust paths but I do have a few
introducers near me and I was planning on getting together and signing
keys. I'll have to bump those plans up. Thanks for the pointers.

- --
Eric Martin
PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH8nlpdheOldgSlQgRAjFbAKDALJzGQKNmnJtmIy5Cer99MYQf7QCfYdI+
MqtkNSYdxoqXT2Av0JO51FY=
=Nb2m
-----END PGP SIGNATURE-----
--
gentoo-security@l.g.o mailing list