Gentoo Archives: gentoo-security

From: Matthias Bethke <matthias@×××××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key
Date: Tue, 01 Apr 2008 15:43:31
Message-Id: 20080401154226.GB10755@aldous
In Reply to: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key by Eric Martin
1 Hi Eric,
2 on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote:
3 > I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global
4 > Directory(2) signatures on them. Obviously both websites encourage you
5 > to download their keys and trust them. While I realize what keys you
6 > trust is totally up to you, I'm wondering what fellow people do. My
7 > idea was to /maybe/ add them in as moderates that way they don't run my
8 > keyring for me, but still vouch for people where necessary.
10 As far as I can see, the PGP Global Directory does no verification apart
11 from checking that an email address exists, so its signature isn't worth
12 much for the WoT. The GSWoT signatures on the other hand mean the owner
13 of the key has been personally checked by an introducer. It's a matter
14 of taste but I usually don't sign role account keys, I think they should
15 be signed by members of the institution (the introducers in this case)
16 whom I can choose to trust because their identity can be verified. So as
17 I wanted to trust the GSWoT key, I just imported some intermediate keys
18 to build a couple of marginal trust paths via people I've met
19 personally.
21 cheers,
22 Matthias
23 --
24 I prefer encrypted and signed messages. KeyID: FAC37665
25 Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665


Subject Author
Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key Randy Barlow <randy@×××××××××××××××××.com>
Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key Eric Martin <freak4uxxx@×××××.com>