-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthias Bethke wrote: | Hi Eric, | on Fri, Mar 28, 2008 at 03:13:43PM -0400, you wrote: |> I'm seeing a bunch of keys in my keyring with GSWoT(1) and PGP Global |> Directory(2) signatures on them. Obviously both websites encourage you |> to download their keys and trust them. While I realize what keys you |> trust is totally up to you, I'm wondering what fellow people do. My |> idea was to /maybe/ add them in as moderates that way they don't run my |> keyring for me, but still vouch for people where necessary. | | As far as I can see, the PGP Global Directory does no verification apart | from checking that an email address exists, so its signature isn't worth | much for the WoT. The GSWoT signatures on the other hand mean the owner | of the key has been personally checked by an introducer. It's a matter | of taste but I usually don't sign role account keys, I think they should | be signed by members of the institution (the introducers in this case) | whom I can choose to trust because their identity can be verified. So as | I wanted to trust the GSWoT key, I just imported some intermediate keys | to build a couple of marginal trust paths via people I've met | personally. | | cheers, | Matthias Ok, thanks. I don't have those marginal trust paths but I do have a few introducers near me and I was planning on getting together and signing keys. I'll have to bump those plans up. Thanks for the pointers.
- -- Eric Martin PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH8nlpdheOldgSlQgRAjFbAKDALJzGQKNmnJtmIy5Cer99MYQf7QCfYdI+ MqtkNSYdxoqXT2Av0JO51FY= =Nb2m -----END PGP SIGNATURE----- -- gentoo-security@lists.gentoo.org mailing list
