On Mon, 2009-03-30 at 11:23 +0100, Anne Wilson wrote: > If you examine my key you will see that it is signed by a number of > people who have properly verified that I am who I say I am. This is > essential for the web of trust to work, but frankly it is not > understood by many people, and I've seen conversations where people > will sign anyone's key. The whole web of trust falls apart when this > happens. Looking at your key, using the seahorse program, I can see nothing that gives me any indication that the signers have checked anything, only a list of names of who the signers are. Not very helpful... You'd have to use something else to see certification levels, e.g. command line tools. Of course the indicator will only be that person X *says* they've checked you out. There's nothing to enforce them being truthful. As you say, some will sign anything willy nilly. The web of trust is really only useful with people that you actually know. You can't make any assumptions just because a key is counter-signed. A third party's referral is useless. The only third party that you could trust would be some service that you know refuses to sign keys without adequate verification, assuming that there is one, and that you know of their reputation. -- [tim@localhost ~]$ uname -r 2.6.27.19-78.2.30.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
