Re: Migrating to GPG - A mini-HOWTO

To: Debian Development <debian-devel@lists.debian.org>
Subject: Re: Migrating to GPG - A mini-HOWTO
From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
Date: Tue, 14 Sep 1999 23:55:39 +0200
Message-id: <[🔎] 19990914235511.B3397@finlandia.infodrom.north.de>
Reply-to: Martin Schulze <joey@infodrom.north.de>
In-reply-to: <[🔎] 19990914070718.I7102@justice.loyola.edu>
References: <[🔎] 19990914054409.B15684@finlandia.infodrom.north.de> <[🔎] Pine.LNX.3.96.990913233410.3403d-100000@Wakko.deltatee.com> <[🔎] 19990914082754.C15684@finlandia.infodrom.north.de> <[🔎] 87lna9vr7h.fsf@sheikh.hands.com> <[🔎] 19990914112102.A23682@mini.gt.owl.de> <[🔎] 19990914070718.I7102@justice.loyola.edu>

Michael Stone wrote:
> On Tue, Sep 14, 1999 at 11:21:02AM +0200, Florian Lohoff wrote:
> > Just a small thought - If there is a web of trust on pgp - You
> > should be able to transfer it to "gpg".
> > 
> > Just send the gpg key in a mail signed with pgp. You are
> > able to verify the consistency of the mail and is to the 
> > hand of the sender (aka Owner of the 2 Keys) to enshure
> > the content of the mail is valid (As He/She does when printing
> > fingerprints) ...
> 
> Not really. What if the pgp key is compromised? The original owner can
> release a revocation certificate for the pgp key, but if someone creates
> a new gpg key that you sign based on the (compromised) pgp key then
> you've possibly validated a key that the original owner cannot revoke.
> That would be bad.

So what do you propose?  Not using any digital signing at all?
What if you fake your passport and it's not Mike Stone but Joe
Blair pretending to be you and I sign your key.  That would be bad.

Regards,

	Joey

-- 
Let's call it an accidental feature.  --Larry Wall

Please always Cc to me when replying to me on the lists.

Reply to:

Follow-Ups:
- Re: Migrating to GPG - A mini-HOWTO
  - From: Michael Stone <mstone@debian.org>

References:
- Re: Migrating to GPG - A mini-HOWTO
  - From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
- Re: Migrating to GPG - A mini-HOWTO
  - From: Jason Gunthorpe <jgg@ualberta.ca>
- Re: Migrating to GPG - A mini-HOWTO
  - From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
- Re: Migrating to GPG - A mini-HOWTO
  - From: Philip Hands <phil@hands.com>
- Re: Migrating to GPG - A mini-HOWTO
  - From: Florian Lohoff <flo@rfc822.org>
- Re: Migrating to GPG - A mini-HOWTO
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: /opt/ again (was Re: FreeBSD-like approach for Debian? [was: ...])
Next by Date: Re: /opt/ again (was Re: FreeBSD-like approach for Debian? [was: ...])
Previous by thread: Re: Migrating to GPG - A mini-HOWTO
Next by thread: Re: Migrating to GPG - A mini-HOWTO
Index(es):
- Date
- Thread