Peter Lebbing <pe...@digitalbrains.com> wrote: > On 24/10/13 01:15, Stan Tobias wrote: > > , then why do we believe WoT authenticates anything? Why do we accept, for > > example, a conversation by telephone to validate a key fingerprint? > > Because these are verifications outside the Web of Trust.
Is that the only requirement? Then I have fantastic news for you! You'll no longer have to visit your friends around Alpha Centauri to be able to certify their keys. A new system will be developed, called ClosedGPG (Galactic Privacy Guarantee). It will provide services such as signatures (for authentication) and key certificates. The certificates will be backed by LoH (Line of Hope) scheme (can't give you specifics - not been invented yet). It works like this: When your distant friend creates a new OpenPGP key, he only needs to send you the message "I use this key: [base64 OpenPGP key snipped]" signed with his ClosedGPG key. By invoking LoH system you validate his ClosedGPG signature and convince yourself the message is authentic, all entirely outside of WoT. Now you can safely sign his OpenPGP key with yours, and send it from your cottage on Mars to your friends working on Titan. All in measly four years! (If you wondered - of course, certifications of ClosedGPG keys have a requirement to be done outside of LoH. For this purpose you employ OpenPGP backed by WoT scheme.) Best regards, allow me some time for answering other parts, Stan. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
