Re: PGP signatures.

Patrick O'Callaghan wrote:
> Slightly OT, but what the hell: we should realize that trusting keys
> isn't the same as trusting people. Trust as applied to PGP/GPG keys
> means "I believe this key belongs to this person (e.g. because the
> person physically gave me the public key and demonstrated that he
> could sign things with the corresponding private one)". It does
> *not* mean "I trust this person not to lie to me or do evil with the
> information I send him". It's unfortunate that the web-of-trust
> notion has taken on a semantic overlay that doesn't fit, due in
> large part to the unfortunate choice of terminology.

A good point.  In a few talks I've given on OpenPGP, I tried to make
the distinction that validity is for keys, and trust is for people.
And that this trust is (sort of like you say) in the sense of "I trust
this person to properly validate keys" and not in the "I trust this
person is a completely decent human." :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I believe in the noble, aristocratic art of doing absolutely nothing.
And someday, I hope to be in a position where I can do even less.
