Re: GPG Key Signing <Pine.LNX.4.30.0107021026380.10696-100000@tennyson.netexpress.net>
>>"Steve" == Steve Langasek <vorlon@netexpress.net> writes:
Steve> The Web of Trust necessarily depends on participants acting
Steve> out of enlightened self-interest. IMHO, signing a public key
Steve> of somebody who's already lost the private key is much less of
Steve> a concern than signing the key of someone so incredibly
Steve> bone-headed that they've posted their private key to Usenet;
Steve> and since I can never prove that the person who's key I'm
Steve> signing isn't this clueless, I don't see much value in
Steve> protecting against the first case, especially since both
Steve> problems affect the value of *their* key, not the value
Steve> of mine or of the Web of Trust as a whole.
By this argument, since there can never be perfect security,
why bother? There is some value to the checks provided by the
protocol, and now you know I follow that protocol, there is added
value to having my signature on a key (indeed, I have been told that
my paronia makes people trust my key sigs more than the norm), so
there is indeed enlightened self interest at work here.
Anyway. Its a key signing protocol. Almost no one except me
follows it. I like it. Your mileage may vary.
manoj
--
I don't know why, but first C programs tend to look a lot worse than
first programs in any other language (maybe except for fortran, but
then I suspect all fortran programs look like `firsts') Olaf Kirch
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: