
Re: GPG USAGE HOWTO 1 (was: Re: AM report on Thierry Bourrillon)



Ralf Treinen writes:
 > On Mon, Apr 16, 2001 at 10:55:21PM +0200, Lenart Janos wrote:
 > > 
 > > It's terrible what you people here call keysigning, and keysign
 > > checking. You are using --list-sigs and not --check-sigs, --list-sigs
 > > DOES NOT CHECK ANYTHING. And that other guy signs a UID that's
 > > invalid. So, if elmo rejects the application the applicant can be happy
 > > with having a signed @debian.org UID, I have no idea whatever it's good
 > > for by this time, but it's BAD anyway. The web of trust is a piece of shit
 > > because of the 'I-don\'t-care' users of strong encryption systems.
 > 
 > If I sign a key I confirm the fact that the person with the name on
 > the key has claimed to me that the key is his. IMHO my signature on
 > the key does not confirm that the person is owner of the mailbox.
 > Am I right?

No. You should be certifying that a) the email address on the key owns
the key, and b) that this corresponds to the person named in the
key. I typically do this by sending PGP-encrypted mail to the address
on the key, and making sure I get a reply (as well as looking at ID
when I'm handed the fingerprint).

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org
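
The difference between --list-sigs and --check-sigs raised in the thread above, as an added example that is not part of the original messages: a small Python classifier for the signature records in `gpg --with-colons` output. The field-2 markers follow GnuPG's doc/DETAILS; both listings, the key IDs and the names are constructed placeholders.

```python
# Added example: classify "sig" records from `gpg --with-colons` key listings.
# Field 2 markers for sig records are the ones documented in GnuPG's doc/DETAILS.
SIG_STATUS = {"!": "good", "-": "bad", "?": "no-public-key", "%": "error"}

def classify_sigs(colon_output):
    """Return (certified_uid, signer_keyid, status) for every sig record."""
    results, current_uid = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "uid") and len(f) > 9 and f[9]:
            current_uid = f[9]  # user ID that the following sig records certify
        elif f[0] == "sig" and len(f) > 4:
            # Empty field 2: the signature was listed, never verified.
            status = SIG_STATUS.get(f[1], "error") if f[1] else "unchecked"
            results.append((current_uid, f[4], status))
    return results

def not_verified(results):
    """Signatures that must not be counted as valid certifications."""
    return [r for r in results if r[2] != "good"]

UID = "Example Applicant <applicant@example.org>"  # constructed placeholder

# Constructed sample: shape of --list-sigs output (field 2 of each sig is empty).
LIST_SIGS = f"""pub:-:1024:17:AAAAAAAAAAAAAAAA:987379200:::-:::scESC:
uid:-::::987379200::0000::{UID}:
sig:::17:AAAAAAAAAAAAAAAA:987379200::::{UID}:13x:
sig:::17:BBBBBBBBBBBBBBBB:987465600::::Example Signer <signer@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:987465600::::Other Signer <other@example.org>:10x:
"""

# Constructed sample: the same key under --check-sigs (field 2 carries the result).
CHECK_SIGS = f"""pub:-:1024:17:AAAAAAAAAAAAAAAA:987379200:::-:::scESC:
uid:-::::987379200::0000::{UID}:
sig:!::17:AAAAAAAAAAAAAAAA:987379200::::{UID}:13x:
sig:!::17:BBBBBBBBBBBBBBBB:987465600::::Example Signer <signer@example.org>:10x:
sig:-::17:CCCCCCCCCCCCCCCC:987465600::::Other Signer <other@example.org>:10x:
sig:?::17:DDDDDDDDDDDDDDDD:987465600::::[User ID not found]:10x:
"""

if __name__ == "__main__":
    for name, data in (("--list-sigs", LIST_SIGS), ("--check-sigs", CHECK_SIGS)):
        print(name)
        for uid, keyid, status in classify_sigs(data):
            print(f"  {keyid} on {uid}: {status}")
```
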


