Todd Zullinger wrote:
$ gpg --list-options 'show-policy-urls' --list-sigs silfreed pub 1024D/ED00D312 2000-06-21 uid Douglas E. Warner <silfreed@...> sig 3 ED00D312 2005-11-02 Douglas E. Warner <silfreed@...> sig 2 P BEAF0CE3 2006-08-07 Todd M. Zullinger <tmz@...> Signature policy: http://www.pobox.com/~tmz/pgp/cert-policy.asc [...] I don't intend for that to make anyone trust my signatures unless they know a bit about me, of course. But I do try to be a good example and let those who may trust me know just what I mean when they see a signature from me on a key. Both notations and cert policy URLS may contain some data that is unique to a particular signature. Strings such as %k, %K, and %f will be expanded to the short key id, long key id, and fingerprint of the key being signed, respectively. That way, you could make the notation or policy URL point to a page for each signature. There you could include such details as where you met, what information you exchanged, etc.
Great done, I am impressed, I wasn't even aware that such things exist!So, summarizing all this (see my the previous post from today) I'd say that what we need is:
* an OpenPGP web of trust "CA" (operated by RedHat/Fedora/whatever, sorry I'm not really aware of who is who here) with its public/private keypair (CAK) * an official and strictly-followed policy for signing people keys with CAK (trust level 0 sigs) * an official and strictly-followed policy for signing people keys with CAK (trust level 1 sigs) * a "marketing strategy" or something to tell people to trust CAK with the level of 2 * some "goodies" like list of keys signed by CAK published on the web, or maybe photos of all such meetings in person (depending on the policy); surely photos, names and bios of all trust-level-1 sigs holders. :-)
This way we achieve the goals of the revolution; we promote: * GNU * free software * security and authenticity * bazaar model * Fedora * OpenPGP web of trust, which is better than PKI. STF ======================================================================= http://eisenbits.homelinux.net/~stf/ OpenPGP: 9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B80F 8062 =======================================================================
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines