On Thu, Apr 05, 2012 at 09:23:26AM +0200, Elena ``of Valhalla'' wrote: > On 2012-04-05 at 10:58:23 +1000, Fifty Four wrote: > > My understanding of key signing is that you only sign for what you believe > > to be true. The Certificate Authority Startcom created a certificate for my > > email address after Startcom verified my email address when I replied to > > their email check. > > > > AFAIK, to get a signed OpenPGP Certs I would need to attend a key signing > > party to verify my email address and check the key. > > Strictly speaking this is not true: you are supposed to meet in person > before a sign exchange happen, but it does not have to be at a > signing party.
A more rigorous approach to the web of trust is to use a procedure like http://wiki.cacert.org/FAQ/AssuranceDetails _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
