Re: Web of Trust (a revolution)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2009-03-30 at 11:23 +0100, Anne Wilson wrote:
> If you examine my key you will see that it is signed by a number of
> people who have properly verified that I am who I say I am.  This is
> essential for the web of trust to work, but frankly it is not
> understood by many people, and I've seen conversations where people
> will sign anyone's key.  The whole web of trust falls apart when this
> happens.

Looking at your key, using the seahorse program, I can see nothing that
gives me any indication that the signers have checked anything, only a
list of names of who the signers are.  Not very helpful...  You'd have
to use something else to see certification levels, e.g. command line
tools.  Of course the indicator will only be that person X *says*
they've checked you out.  There's nothing to enforce them being
truthful.

As you say, some will sign anything willy nilly.  The web of trust is
really only useful with people that you actually know.  You can't make
any assumptions just because a key is counter-signed.  A third party's
referral is useless.  The only third party that you could trust would be
some service that you know refuses to sign keys without adequate
verification, assuming that there is one, and that you know of their
reputation.

-- 
[tim@localhost ~]$ uname -r
2.6.27.19-78.2.30.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux