
Re: PGP Key Signing HOWTO: preparation for Linux Expo



On Wed, Apr 28, 1999 at 08:24:23PM -0700, Jonathan Walther wrote:
> Yes, but we all know that I've met Wichert in person :p  So I don't
> understand the excessiveness I see displayed here.  Joseph, you SAW me
> hanging out with Wichert :>  In any other circumstance, your comments are
> very valid, and any newbie would do well to study them with care.

But I didn't see him looking at your ID, so I can't say that I'm sure his
sig on your key means anything to me other than that he trusts your key. 
I have to make the determination of whether or not _I_ trust it myself. 

By my sig on your key, others can assume that I'm certain you're you, but
they shouldn't necessarily assume that means they can be sure you're you,
just that any two messages signed by your key came from the person who
owns that key, be it you or someone impersonating you.  =>  Of course if
you have ten developers who have signed your key, I'm much more likely to
believe you're you than if you had one or none at all.

When it comes to cryptography, paranoia is a good thing.

--
Joseph Carter <knghtbrd@debian.org>            Debian GNU/Linux developer
PGP: E8D68481E3A8BB77 8EE22996C9445FBE            The Source Comes First!
-------------------------------------------------------------------------
<muggles> i'm trying to convince some netcom admins i know to convert
          to Debian from RH, netgod, but they are DAMN stubborn
<muggles> why RH users so damned hard headed?
<Espy> it's the hat
