Re: Web of Trust (a revolution)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Todd Zullinger wrote:

$ gpg --list-options 'show-policy-urls' --list-sigs silfreed
pub   1024D/ED00D312 2000-06-21
uid                  Douglas E. Warner <silfreed@...>
sig 3        ED00D312 2005-11-02  Douglas E. Warner <silfreed@...>
sig 2   P    BEAF0CE3 2006-08-07  Todd M. Zullinger <tmz@...>
   Signature policy: http://www.pobox.com/~tmz/pgp/cert-policy.asc
[...]

I don't intend for that to make anyone trust my signatures unless they
know a bit about me, of course.  But I do try to be a good example and
let those who may trust me know just what I mean when they see a
signature from me on a key.

Both notations and cert policy URLS may contain some data that is
unique to a particular signature.  Strings such as %k, %K, and %f will
be expanded to the short key id, long key id, and fingerprint of the
key being signed, respectively.  That way, you could make the notation
or policy URL point to a page for each signature.  There you could
include such details as where you met, what information you exchanged,
etc.


Great done, I am impressed, I wasn't even aware that such things exist!
So, summarizing all this (see my the previous post from today) I'd say that what we need is:
* an OpenPGP web of trust "CA" (operated by RedHat/Fedora/whatever, sorry I'm not really aware of who is who here) with its public/private keypair (CAK) * an official and strictly-followed policy for signing people keys with CAK (trust level 0 sigs) * an official and strictly-followed policy for signing people keys with CAK (trust level 1 sigs) * a "marketing strategy" or something to tell people to trust CAK with the level of 2 * some "goodies" like list of keys signed by CAK published on the web, or maybe photos of all such meetings in person (depending on the policy); surely photos, names and bios of all trust-level-1 sigs holders. :-) 

This way we achieve the goals of the revolution; we promote:
* GNU
* free software
* security and authenticity
* bazaar model
* Fedora
* OpenPGP web of trust, which is better than PKI.

STF

=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434  25D7 E87F A1B9 B80F 8062
=======================================================================

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux