On 2015-02-26 06:02, [email protected] wrote:
> Is there anything that's wrong about the gpg verification performed on
> the version 4.0.4 as seen in the text below?
> It's quite different from previous Tor versions. No Erinn Clark.

We do have a chain from other Tor project personnel through Erinn Clark's key
to a Tor Browser Developers (signing key) [1]. If you have physically
verified their keys or Erinn's directly (or at least done a TOFU-like --lsign)
in the past, you have a chain to the current Tor Browser Developers (signing key).

I think it would be great if the chain could be shortened. Would more Tor
project personnel be willing to confirm the Tor Browser Developers (signing
key), and sign it directly?

Call it belt and suspenders with the web of trust alongside the published key
info on the Tor site.

Richard
-------
[1]
$ gpg --list-sigs 0x93298290
pub 4096R/93298290 2014-12-15
uid Tor Browser Developers (signing key)
<[email protected]>
sig 63FEE659 2015-01-13 Erinn Clark <[email protected]>
sig 4B7C3223 2014-12-15 Georg Koppen <[email protected]>
sig 3 93298290 2014-12-15 Tor Browser Developers (signing key)
<[email protected]>
sub 4096R/F65C2036 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
<[email protected]>
sub 4096R/D40814E0 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
<[email protected]>
sub 4096R/589839A3 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
<[email protected]>
$ gpg --list-sigs 0x63fee659
pub 2048R/63FEE659 2003-10-16
uid Erinn Clark <[email protected]>
sig 31B0974B 2010-02-15 Andrew Lewman <[email protected]>
sig 3 94C09C7F 2010-08-25 Peter Palfrader
...
sig 3 63FEE659 2010-01-16 Erinn Clark <[email protected]>
sig E012B42D 2010-07-19 Jacob Appelbaum <[email protected]>
sig 23291265 2010-07-19 Linus Nordberg <[email protected]>
sig D21739E9 2010-03-22 Daniel Kahn Gillmor <[email protected]>
...
sig A71A6915 2011-08-05 George Kadianakis <[email protected]>
sig 28988BF5 2011-11-11 Roger Dingledine <[email protected]>
sig 19F78451 2012-12-02 Roger Dingledine <[email protected]>
sig C11F6276 2013-03-19 David Fifield <[email protected]>
...
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
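
An added example, not part of the original message: the chain Richard describes, computed from the `--list-sigs` output in footnote [1] as a shortest certification path from a key the reader has verified to the Tor Browser Developers key. The function names, the condensed listing, and the choice of 28988BF5 as the personally verified key are assumptions made for illustration.

```python
import re
from collections import deque

# Condensed from footnote [1] above: short key IDs as printed there,
# uid lines, redacted addresses and most signatures omitted.
LISTING = """\
pub 4096R/93298290 2014-12-15
sig 63FEE659 2015-01-13 Erinn Clark
sig 4B7C3223 2014-12-15 Georg Koppen
sig 3 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
pub 2048R/63FEE659 2003-10-16
sig 31B0974B 2010-02-15 Andrew Lewman
sig 3 63FEE659 2010-01-16 Erinn Clark
sig 28988BF5 2011-11-11 Roger Dingledine
sig C11F6276 2013-03-19 David Fifield
"""

PUB = re.compile(r"^pub\s+\S+/([0-9A-F]{8})\b")
# Optional certification level digit (as in "sig 3 ...") before the signer ID.
SIG = re.compile(r"^sig\s+(?:[0-3]\s+)?([0-9A-F]{8})\s")

def parse_certifiers(listing):
    """Map each pub key ID to the set of other key IDs that signed it."""
    certs, current = {}, None
    for line in listing.splitlines():
        pub, sig = PUB.match(line), SIG.match(line)
        if pub:
            current = pub.group(1)
            certs.setdefault(current, set())
        elif sig and current and sig.group(1) != current:
            # Self-signatures and subkey bindings carry no third-party trust.
            certs[current].add(sig.group(1))
    return certs

def find_chain(certs, verified, target):
    """Shortest list [verified key, ..., target]; each key signed the next."""
    queue, seen = deque([[target]]), {target}
    while queue:
        path = queue.popleft()
        if path[0] in verified:
            return path
        for signer in sorted(certs.get(path[0], ())):
            if signer not in seen:
                seen.add(signer)
                queue.append([signer] + path)
    return None  # no certification path from any verified key

if __name__ == "__main__":
    # Assumption: the reader has personally verified key 28988BF5.
    print(find_chain(parse_certifiers(LISTING), {"28988BF5"}, "93298290"))
```

`--list-sigs` only lists signatures without checking them, so a path found this way should be confirmed with `gpg --check-sigs`. Short 8-character key IDs can collide, so compare full fingerprints before relying on any link.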