Gentoo Archives: gentoo-security

From: Eric Martin <freak4uxxx@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key
Date: Tue, 01 Apr 2008 18:08:31
In Reply to: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key by Matthias Bethke
2 Hash: SHA1
4 Matthias Bethke wrote:
5 | Hi Eric,
6 | on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote:
7 |> I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global
8 |> Directory(2) signatures on them. Obviously both websites encourage you
9 |> to download their keys and trust them. While I realize what keys you
10 |> trust is totally up to you, I'm wondering what fellow people do. My
11 |> idea was to /maybe/ add them in as moderates that way they don't run my
12 |> keyring for me, but still vouch for people where necessary.
13 |
14 | As far as I can see, the PGP Global Directory does no verification apart
15 | from checking that an email address exists, so its signature isn't worth
16 | much for the WoT. The GSWoT signatures on the other hand mean the owner
17 | of the key has been personally checked by an introducer. It's a matter
18 | of taste but I usually don't sign role account keys, I think they should
19 | be signed by members of the institution (the introducers in this case)
20 | whom I can choose to trust because their identity can be verified. So as
21 | I wanted to trust the GSWoT key, I just imported some intermediate keys
22 | to build a couple of marginal trust paths via people I've met
23 | personally.
24 |
25 | cheers,
26 | Matthias
27 Ok, thanks. I don't have those marginal trust paths but I do have a few
28 introducers near me and I was planning on getting together and signing
29 keys. I'll have to bump those plans up. Thanks for the pointers.
31 - --
32 Eric Martin
33 PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F
35 Version: GnuPG v1.4.7 (MingW32)
36 Comment: Using GnuPG with Mozilla -
38 iD8DBQFH8nlpdheOldgSlQgRAjFbAKDALJzGQKNmnJtmIy5Cer99MYQf7QCfYdI+
39 MqtkNSYdxoqXT2Av0JO51FY=
40 =Nb2m
41 -----END PGP SIGNATURE-----
42 --
43 gentoo-security@l.g.o mailing list