Hi Rumen,

on Friday, 2005-06-24 at 22:26:35, you wrote:

> >3) On the same note, I don't have a "Web of Trust"; my key is unsigned
> >(naturally), and the keys I've collected from this list I have not dared
> >to specify trust levels for. Should I be concerned about this, and take
> >steps to rectify the situation with all due haste? If so, how would I go
> >about that? All I've heard of are key-signing parties, which seem
> >unlikely to be a feasible option for me.
> >
> Think this is one of the main purposes of keyservers (to hold keys) ;)

Well, they supply you the keys in an automatic way, but they don't resolve the trust problem. If you don't have any signatures on your key, the only way for somebody else to trust it is to make sure they got the key from you personally, or that you have confirmed its fingerprint over a secure (i.e. hard to forge, like telephone where you recognize the voice of somebody you know personally) channel.

To be able to trust others is a little easier. You have to sign the key of some trust center after you have verified that it's genuine. For example, the "c't magazine trust center" I have a sig from on my key publishes a) its key on common keyservers, and b) the fingerprint in the magazine itself. For somebody else to put a forged key on a server *and* hack their prepress system to put his own fingerprint into the print version should be next to impossible, so that's pretty good proof of identity.

Once you signed it and set it to full trust, you have allowed the TC to "introduce" people, i.e. you will automatically trust every other key *they* have signed.

> >4) Clearly no one I am in contact with seems to really care if I sign my
> >emails by default, but should I protect them from themselves and do so
> >anyway? Are there any benefits to this good habit, especially since my
> >key is unsigned anyway?
> >
> Using this proves your identity (email address from)

Sort of. Of course somebody could just generate a key for your address, but for people you regularly exchange mail with it's still a good habit, as e.g. some worm sending mail with your sender address won't be able (nor, usually, willing) to sign its mail. Plus, it helps to remind people of the possibility...

cheers!
Matthias

-- 
I prefer encrypted and signed messages. KeyID: 90CF8389
Fingerprint: 8E 1F 10 81 A4 66 29 46 B9 8A B9 E2 09 9F 3B 91
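
Added example, not part of Matthias's message: a simplified Python model of the introducer rule described above, showing that a trust center's signatures only count once you have both signed its key and set it to full trust. The key names are constructed, the marginal-trust case goes beyond what the message covers and uses GnuPG's default thresholds (1 full or 3 marginal signatures), and certification depth limits are ignored.

```python
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3   # GnuPG default thresholds


def valid_keys(my_key, signatures, ownertrust):
    """Return the keys considered valid from my_key's point of view.

    signatures: dict mapping signer -> set of keys that signer has certified
    ownertrust: dict mapping key -> FULL or MARGINAL (trust as an introducer)
    Simplified model: no expiry, revocation or maximum path length.
    """
    valid = {my_key}
    changed = True
    while changed:                      # repeat until no new key becomes valid
        changed = False
        candidates = set().union(*signatures.values()) - valid
        for key in sorted(candidates):
            full = marginal = 0
            for signer, signed in signatures.items():
                # A signature only counts if the signer's key is itself valid.
                if key not in signed or signer not in valid:
                    continue
                if signer == my_key or ownertrust.get(signer) == FULL:
                    full += 1
                elif ownertrust.get(signer) == MARGINAL:
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed sample keyring: "TC" stands for a trust center key.
SIGS = {
    "me": {"TC"},                 # I verified the TC fingerprint and signed it
    "TC": {"alice", "bob"},       # keys the trust center has certified
    "alice": {"carol"},           # alice is valid, but not my introducer
    "mallory": {"forged-alice"},  # unknown signer, e.g. a key from a keyserver
}

if __name__ == "__main__":
    print("signed TC, no ownertrust:", sorted(valid_keys("me", SIGS, {})))
    print("signed TC, full trust:  ",
          sorted(valid_keys("me", SIGS, {"TC": FULL})))
    unsigned = {k: v for k, v in SIGS.items() if k != "me"}
    print("full trust, TC unsigned:",
          sorted(valid_keys("me", unsigned, {"TC": FULL})))
```
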