Hi

On Saturday 12 March 2011 at 8:22:06 PM, in
<mid:4d7bd5ee.80...@sixdemonbag.org>, Robert J. Hansen wrote:

> On 3/12/2011 1:05 PM, MFPA wrote:
>> How does the WoT idea require me to know the names or email addresses
>> associated with the keys in the trust path? The text strings in User
>> IDs do not feature in the trust calculation.

> Yes, in fact, they do.

> In my past, there's an ex-CEO whom I'll just call
> "Ben." Ben made some really astonishingly bad
> decisions that put him in prison for eighteen months,
> and left me with a permanent distrust for him. If I
> see Frank has signed Ben's certificate, and I trust
> Frank, am I going to trust Ben?

> Of course not.

Presumably GnuPG factors this into the trust calculations by virtue of
the trust level you have assigned to Ben's key, not by parsing his
User IDs.

> Trust is not transitive. If A trusts B and B trusts C,
> there is no requirement that A trusts C.

In real life, true. But what about the GnuPG default of trusting a key
that carries certifications from 1 fully trusted or 3 marginally
trusted keys. Unless you manually inspect each trust path, how would
you spot unknown keys from past real-life associates you distrusted?

> In fact, if
> it turns out A knows C, transitivity can break
> completely.

Indeed, if you know that a certificate belongs to somebody you
actually know, trust *calculations* are irrelevant. Of course you
might trust somebody's security procedures and keysigning policy but
wish to keep your valuables or your wife well away from him.

--
Best regards

MFPA                    mailto:expires2...@ymail.com

A picture is a poem without words

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
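
The default rule mentioned in the message above (certifications from 1 fully trusted or 3 marginally trusted keys), as an added example that is not part of the original message and is not GnuPG's own code: a simplified model of the classic trust calculation using the defaults of `--completes-needed`, `--marginals-needed` and `--max-cert-depth`. The key names and the sample signature graph are constructed; the model takes only key identifiers and ownertrust values as input, and shows that setting Ben's ownertrust to "none" stops his certifications from counting while his own key still becomes valid through Frank.

```python
# Simplified model of the classic trust calculation (assumption: this mirrors
# GnuPG's defaults but omits expiry, revocation and trust signatures).
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5

def valid_keys(sigs, ownertrust, ultimate):
    """Return {key: path depth} for every key the model considers valid.

    sigs:       {signed_key: set of signer keys}
    ownertrust: {key: "full" | "marginal" | "none"}; a missing key is unknown
    ultimate:   the user's own keys (depth 0, always fully trusted)
    No User ID string is consulted anywhere in the calculation.
    """
    depth = {k: 0 for k in ultimate}
    for level in range(1, MAX_DEPTH + 1):
        newly = {}
        for key, signers in sigs.items():
            if key in depth:
                continue
            full = marginal = 0
            # Only certifications made by already-valid keys are counted.
            for s in (s for s in signers if s in depth):
                trust = "full" if s in ultimate else ownertrust.get(s, "unknown")
                full += trust == "full"
                marginal += trust == "marginal"
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = level
        if not newly:
            break
        depth.update(newly)  # keys validated this round can certify next round
    return depth

# Constructed sample web of trust: ME signed Frank, Frank signed Ben,
# Ben signed Carol; three marginally trusted keys signed Dave, two signed Erin.
SIGS = {
    "FRANK": {"ME"}, "BEN": {"FRANK"}, "CAROL": {"BEN"},
    "M1": {"ME"}, "M2": {"ME"}, "M3": {"ME"},
    "DAVE": {"M1", "M2", "M3"}, "ERIN": {"M1", "M2"},
}
TRUST = {"FRANK": "full", "BEN": "none",
         "M1": "marginal", "M2": "marginal", "M3": "marginal"}

if __name__ == "__main__":
    for key, d in sorted(valid_keys(SIGS, TRUST, {"ME"}).items()):
        print(f"{key:6} valid at depth {d}")
```
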