On 22/01/12 02:49, Aaron Toponce wrote: > Yes. That's all I'm after. I think the militant "I _absolutely_ won't sign > any keys unless I verify their identification, face-to-face" attitude is > hindering adoption. There must be a way to build the WOT, while still > allowing people to sign keys without meeting. Thus, the reasons for 0x10, > 0x11, 0x12 and 0x13 in GnuPG for identifying how carefully you've verified > the owner of a key. > > I'm looking for ways to build the WOT, without hindering adoption, by > taking advantage of various means to establish trust of key ownership. This > seems to be a method, I just want to make sure I have all my i's jotted and > my t's crossed.
I've taken a different approach. Rather than trying to build up a WOT by getting people to sign my key, I've just made sure that the fingerprint of my master key is spread wide and far over the Internet, and that I sign everything. The front page of my website https://grepular.com/ is signed. It displays my fingerprint, and a Google link next to it: https://encrypted.google.com/search?q=%2235BC+AF1D+3AA2+1F84+3DC3+B0CF+70A5+F512+0018+461F%22&filter=0 You can see my fingerprint mentioned all over the place. I also sign all of my profiles on different sites whenever possible. A couple of examples: http://hackerbuddy.com/users/2670 https://news.ycombinator.com/user?id=mike-cardwell My fingerprint is also stored in a PKA record in the DNS: mike@Fuzzbutt:~$ dig +short txt mike.cardwell._pka.grepular.com "v=pka1\;fpr=35BCAF1D3AA21F843DC3B0CF70A5F5120018461F\;uri=http://grepular.com/0018461F.pub.asc"; mike@Fuzzbutt:~$ And the DNS for grepular.com even uses DNSSEC. I don't think you need to meet me in person to be confident that the key you've downloaded is mine. I sometimes wonder if the traditional public web of trust is even a good idea. Are you happy to be associated with everybody you've signed the key of and those who have signed yours? Are you sure that none of these people will do anything in the future which might cause these public associations to become a problem for you? -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
