Re: PGP signatures.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 28 May 2008 17:11:07 Mikkel L. Ellertson wrote:
> Tim wrote:
> > Patrick O'Callaghan:
> >>> gpg --sign-key <name>
> >
> > Bill Crawford:
> >> --lsign-key, please, unless you have met the person and seen their
> >> passport.
> >
> > A good idea, but could you tell a forged passport apart from a real one?
> > I'm sure that I couldn't.  Likewise for other forms of ID, I couldn't
> > tell a real one from a good fake, and I'd have no way to verify a real
> > ID.
> >
> > Though I seriously doubt that most of use would be using gpg in a way
> > that required such a level of personal identify assurance.
>
> I started signing my email to the lists when a couple of messages
> hit a list with my email address that were not from me. This way, a
> forged message stands out because of the lack of signature, or a
> because it is signed by a different key.
>
For me, it was when someone accused me of sending a virused email, again on a 
forged message.

It is important, though, to maintain the web-of-trust.  It does have legal 
implications, and that's why local signing is an option.  I use encryption 
for correspondence with one person, and for that I have to use ultimate 
trust, yet I've never met him.  The name I know him by may not be his.  It 
would be utterly wrong for me to upload his signature, signed, as that says 
to people "You can trust this guy utterly.  I vouch for him."  And you can't 
do that for someone you haven't even met.

Anne

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux