Gentoo Archives: gentoo-security

From: Randy Barlow <randy@×××××××××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key
Date: Tue, 01 Apr 2008 15:55:16
Message-Id: 47F25AAE.60200@electronsweatshop.com
In Reply to: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key by Matthias Bethke
1 Matthias Bethke wrote:
2 > As far as I can see, the PGP Global Directory does no verification apart
3 > from checking that an email address exists, so its signature isn't worth
4 > much for the WoT. The GSWoT signatures on the other hand mean the owner
5 > of the key has been personally checked by an introducer. It's a matter
6 > of taste but I usually don't sign role account keys, I think they should
7 > be signed by members of the institution (the introducers in this case)
8 > whom I can choose to trust because their identity can be verified. So as
9 > I wanted to trust the GSWoT key, I just imported some intermediate keys
10 > to build a couple of marginal trust paths via people I've met
11 > personally.
12
13 http://xkcd.com/364/
14
15 --
16 Randy Barlow
17 http://electronsweatshop.com
18 --
19 gentoo-security@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key Eric Martin <freak4uxxx@×××××.com>