[wellylug] Meeting next week (GPG Key signing)
Richard Hector
richard at walnut.gen.nz
Sat Jun 14 11:31:39 NZST 2014
On 14/06/14 01:31, Michael Fincham wrote:
> I'm happy to sign keys for people with or without ID (though I'll
> ascribe trust accordingly).

That's an interesting point. My understanding is that there are 2
things you can assert here.

1) I am confident that this person is who they say they are
2) I trust this person to be honest, including making good decisions
re point 1.

If you sign someone's key, you're asserting that they are who they say
they are. If you publish that signature - including sending it back to
the keyholder so that they can publish it - you're making that
assertion public, and you don't have options to incorporate your trust
in that person as part of that process. Any trust choices you make
stay within your keyring, and are used by you to decide what value to
place on that person's signatures.

So if you are happy to sign people's keys without checking ID, then
when I sign _your_ key, I would need to make the appropriate choice
and specify in _my_ keyring that I don't trust you to validate IDs,
and that therefore your signatures are relatively worthless.

So thank you for making this statement - it helps everybody know where
they stand :-)

But I'd urge you to rethink, and consider your position on ID-checking
for the implications on your reputation that it has.

This is all as I understand the system - I may well have got bits of
it wrong, and am always happy to be educated.

Thanks,
Richard
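
The distinction discussed in the message above, between public key signatures and the owner trust kept privately in a keyring, as an added example that is not part of the original post. It is a simplified Python model of GnuPG's classic trust model using its default thresholds; the names, keys and the `valid_keys` helper are constructed for illustration.

```python
# Simplified model of GnuPG's classic trust model, using its defaults:
# --completes-needed 1, --marginals-needed 3, --max-cert-depth 5.
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5

# Public data (constructed): certifications anyone can fetch from a keyserver.
# (signer, signed) means "signer asserts this key belongs to its named owner".
CERTIFICATIONS = {
    ("me", "michael"),    # I checked Michael's ID and signed his key
    ("me", "carol"),
    ("michael", "dave"),  # Michael signed Dave's key, possibly without ID
    ("carol", "erin"),
}

def valid_keys(me, certifications, ownertrust):
    """Return the keys considered valid from `me`'s point of view.

    `ownertrust` never leaves this keyring: key -> "full" | "marginal" | "never".
    It only decides how much weight that key's signatures carry.
    """
    trust = dict(ownertrust)
    trust[me] = "full"  # own key is ultimately trusted
    valid = {me}
    for _depth in range(MAX_DEPTH):
        candidates = {signed for (_signer, signed) in certifications} - valid
        newly = set()
        for key in candidates:
            # Only signatures made by already-valid keys are counted.
            signers = [s for (s, t) in certifications if t == key and s in valid]
            full = sum(trust.get(s) == "full" for s in signers)
            marginal = sum(trust.get(s) == "marginal" for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

if __name__ == "__main__":
    # Same public signatures, two different private trust decisions.
    sceptical = valid_keys("me", CERTIFICATIONS, {"michael": "never", "carol": "full"})
    trusting = valid_keys("me", CERTIFICATIONS, {"michael": "full", "carol": "full"})
    print("michael=never:", sorted(sceptical))
    print("michael=full: ", sorted(trusting))
```

In both runs Michael's own key stays valid, because its identity was checked directly; only the weight of the signatures he makes changes.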