On 3/12/2011 1:05 PM, MFPA wrote: > How does the WoT idea require me to know the names or email addresses > associated with the keys in the trust path? The text strings in User > IDs do not feature in the trust calculation.
Yes, in fact, they do. In my past, there's an ex-CEO whom I'll just call "Ben." Ben made some really astonishingly bad decisions that put him in prison for eighteen months, and left me with a permanent distrust for him. If I see Frank has signed Ben's certificate, and I trust Frank, am I going to trust Ben? Of course not. Trust is not transitive. If A trusts B and B trusts C, there is no requirement that A trusts C. In fact, if it turns out A knows C, transitivity can break completely. > What would not be visible (at least to people who didn't already know > it) is the identity and email address of the certifying key's owner. So far, you haven't produced a mechanism that will do this. We're still at the "it would be nice if..." stage of your idea. Thus, I really can't respond to statements of what this mechanism would or wouldn't do, since we don't have a mechanism to analyze. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
