On Sun, Aug 16, 2015 at 05:31:10PM +0200, Viktor Dick wrote: > On 16.08.2015 16:26, Stefan Claas wrote: > > if i understand you correctly it would not help me if someone > > would sign my key without my approval, so to speak. > > Sure it helps. If Alice signs my key and Bob wants to send me something > and trusts Alice, he can derive some trust that my key is also genuine. > One could argue that anyone who I do not know and who anyhow signs my > key will probably not be (rightfully) trusted by anyone. However, some > magazines (I'm thinking of c't) for example might put their fingerprint > on each issue and someone who buys it might sign their key so that some > friend of theirs who has not direct access to that can still be somehow > sure that the key is correct.
Ok, i understand but it helps not to solve the issue of unwanted signatures, which i'm talking about. > I haven't looked at Facebook's public key, but let's assume that I want > to send them an e-mail and tell my client 'get the key of > i...@facebook.com'. It will download the key with a lot of signatures, > some of which might be owned by someone in my web of trust. This person > has probably just checked that the fingerprint given on their webpage > matches the one of this particular key, but then that's something I do > not need to check myself. > > (Not sure if that should be enough to sign a key, though...) > > Kind regards > Viktor > Here's as an example the Facebook pub key: https://pgp.mit.edu/pks/lookup?search=facebook+Inc&op=vindex Should now GnuPG been enhaned, or the Key Server's been updated, similar to the pgp.com one.in order to allow such things not in the future? Regards Stefan > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
