On Tuesday, 24 January 2012, 22:10:35, Faramir wrote:
> > This is why OpenPGP implementations have trust settings. If Bob
> > trusts Trent's assertions, then he can give Trent full trust and
> > Bob's implementation will believe that Alice's key belongs to
> > Alice. There's no need to sign th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 24-01-2012 16:26, brian m. carlson wrote:
> On Tue, Jan 24, 2012 at 03:13:46PM -0300, Faramir wrote:
>> Well, if Trent signs Alice's key, Bob, who trusts Trent, might sign
>> her key too. Charly doesn't know Trent, but he trusts Bob's
>> judgement
On Tue, Jan 24, 2012 at 03:13:46PM -0300, Faramir wrote:
> Well, if Trent signs Alice's key, Bob, who trusts Trent, might sign her
> key too. Charly doesn't know Trent, but he trusts Bob's judgement, so
> he might accept Alice's key as valid, not because of Trent's
> signature, but because of Bob's
>> * A PGP key was signed by an SSL certificate that was signed by a
>> root CA * I verified that the signature was indeed from that root
>> CA. * I stripped the signature, and imported the PGP key. * I then
>> signed the key, exported, and sent back.
>>
>> What are y
Hi Mike, gnupg users,
* gn...@lists.grepular.com [22. Jan. 2012]:
[...]
> I sometimes wonder if the traditional public web of trust is even a good
> idea. Are you happy to be associated with everybody you've signed the
> key of and those who have signed yours? Are you sure that none of these
> peo
On 01/23/2012 03:24 PM, Mark H. Wood wrote:
> On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
>
> (...)
>
> I guess that the lesson is: don't assume. Find out for yourself
> whether a CA is worthy of your trust, before trusting.
Well, that could be a big challenge. In addition consi
On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
> On Jan 21, 2012, at 10:12 AM, Aaron Toponce wrote:
>
> > What are your thoughts on using root CAs as a trusted 3rd party for
> > trusting that a key is owned by whom it claims? Of course, this is merely
> > for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Reference:
Subject: Re: Using root CAs as a trusted 3rd party
Date: Sat, 21 Jan 2012 13:49:20 -0800
From: Ken Hagler
To: Aaron Toponce
CC: gnupg-users@gnupg.org
> On Jan 21, 2012, at 10:12 AM, Aa
On 22/01/12 02:49, Aaron Toponce wrote:
> Yes. That's all I'm after. I think the militant "I _absolutely_ won't sign
> any keys unless I verify their identification, face-to-face" attitude is
> hindering adoption. There must be a way to build the WOT, while still
> allowing people to sign keys wit
Hi Aaron, gnupg users,
* Aaron Toponce [21. Jan. 2012]:
> On Sat, Jan 21, 2012 at 10:50:11PM +0100, Gregor Zattler wrote:
>> IMHO by signing a key you make a statement about the connection
>> between a person or owner and the user id you sign, saying "I
>> somehow convinced myself that user owns t
On Sat, Jan 21, 2012 at 10:50:11PM +0100, Gregor Zattler wrote:
> IMHO by signing a key you make a statement about the connection
> between a person or owner and the user id you sign, saying "I
> somehow convinced myself that user owns this key". This only
> makes sense if you have some insight in
On Sat, Jan 21, 2012 at 02:47:25PM -0500, Thomas Harning Jr. wrote:
> That process seems pretty reasonable, assuming the CA is reputable. Even
> better if you keep track of the SSL cert to keep track of breaches and the
> like.
The idea is only to casually trust that a key belongs to a person. If
On Jan 21, 2012, at 10:12 AM, Aaron Toponce wrote:
> What are your thoughts on using root CAs as a trusted 3rd party for
> trusting that a key is owned by whom it claims? Of course, this is merely
> for casual checking, but it seems to be "good enough".
As far as I can see th
the signature was indeed from that root CA.
> * I stripped the signature, and imported the PGP key.
> * I then signed the key, exported, and sent back.
>
> What are your thoughts on using root CAs as a trusted 3rd party for
> trusting that a key is owned by whom it claims? Of co
gnature was indeed from that root CA.
> * I stripped the signature, and imported the PGP key.
> * I then signed the key, exported, and sent back.
>
> What are your thoughts on using root CAs as a trusted 3rd party for
> trusting that a key is owned by whom it claims? Of co
signature was indeed from that root CA.
>* I stripped the signature, and imported the PGP key.
>* I then signed the key, exported, and sent back.
>
> What are your thoughts on using root CAs as a trusted 3rd party for
> trusting that a key is owned by whom it claims? Of course
PGP key.
* I then signed the key, exported, and sent back.
What are your thoughts on using root CAs as a trusted 3rd party for
trusting that a key is owned by whom it claims? Of course, this is merely
for casual checking, but it seems to be "good enough".
Thoughts?
--
. o . o . o
17 matches