Re: Web of Trust (a revolution)

Todd Zullinger wrote:
$ gpg --list-options 'show-policy-urls' --list-sigs silfreed
pub   1024D/ED00D312 2000-06-21
uid                  Douglas E. Warner <silfreed@...>
sig 3        ED00D312 2005-11-02  Douglas E. Warner <silfreed@...>
sig 2   P    BEAF0CE3 2006-08-07  Todd M. Zullinger <tmz@...>
   Signature policy: http://www.pobox.com/~tmz/pgp/cert-policy.asc
[...]

I don't intend for that to make anyone trust my signatures unless they
know a bit about me, of course.  But I do try to be a good example and
let those who may trust me know just what I mean when they see a
signature from me on a key.

Both notations and cert policy URLs may contain some data that is
unique to a particular signature.  Strings such as %k, %K, and %f will
be expanded to the short key id, long key id, and fingerprint of the
key being signed, respectively.  That way, you could make the notation
or policy URL point to a page for each signature.  There you could
include such details as where you met, what information you exchanged,
etc.

Great done, I am impressed, I wasn't even aware that such things exist!

So, summarizing all this (see my previous post from today) I'd say that what we need is:

* an OpenPGP web of trust "CA" (operated by RedHat/Fedora/whatever, sorry I'm not really aware of who is who here) with its public/private keypair (CAK)
* an official and strictly-followed policy for signing people's keys with CAK (trust level 0 sigs)
* an official and strictly-followed policy for signing people's keys with CAK (trust level 1 sigs)
* a "marketing strategy" or something to tell people to trust CAK with the level of 2
* some "goodies" like a list of keys signed by CAK published on the web, or maybe photos of all such meetings in person (depending on the policy); surely photos, names and bios of all trust-level-1 sigs holders. :-)

This way we achieve the goals of the revolution; we promote:
* GNU
* free software
* security and authenticity
* bazaar model
* Fedora
* OpenPGP web of trust, which is better than PKI.

STF

=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434  25D7 E87F A1B9 B80F 8062
=======================================================================

Attachment: signature.asc
Description: OpenPGP digital signature
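
An added example, not part of the original message or of GnuPG: a small Python audit of `gpg --list-sigs` text that reads each certification's check level and flag letters, attaches any "Signature policy:" line to it, and lists third-party certifications that carry no policy URL. It assumes the human-readable layout shown in the quoted output; `parse_list_sigs`, `undocumented_certs` and `Cert` are hypothetical names, and the third signature in the sample is constructed.

```python
import re
from dataclasses import dataclass, field

# Flag letters gpg prints between "sig" and the key ID (gpg man page, --list-sigs).
FLAG_NAMES = {"L": "local", "R": "non-revocable", "P": "policy-url",
              "N": "notation", "X": "expired"}
PUB_RE = re.compile(r"^pub\s+\w+/(?P<keyid>[0-9A-F]{8,16})\s")
SIG_RE = re.compile(r"^sig(?P<flags>[ 0-9A-Z!%?-]*?)\s+(?P<keyid>[0-9A-F]{8,16})"
                    r"\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<uid>.*)$")
POLICY_RE = re.compile(r"^\s+Signature policy:\s+(?P<url>\S+)")

@dataclass
class Cert:
    keyid: str
    date: str
    uid: str
    level: int            # 1-3 as printed by gpg, 0 when the column is blank
    flags: set
    policy_urls: list = field(default_factory=list)

def parse_list_sigs(text):
    """Return (key ID of the listed key, [Cert, ...]) from --list-sigs text."""
    own, certs = None, []
    for line in text.splitlines():
        if (m := PUB_RE.match(line)):
            own = m["keyid"]
        elif (m := SIG_RE.match(line)):
            raw = m["flags"]
            # Column 1 after "sig" is the check level; column 0 is used by --check-sigs.
            level = int(raw[1]) if len(raw) > 1 and raw[1] in "123" else 0
            flags = {FLAG_NAMES[c] for c in raw[2:] if c in FLAG_NAMES}
            certs.append(Cert(m["keyid"], m["date"], m["uid"], level, flags))
        elif (m := POLICY_RE.match(line)) and certs:
            certs[-1].policy_urls.append(m["url"])
    return own, certs

def undocumented_certs(text):
    """Third-party certifications that carry no policy URL to explain them."""
    own, certs = parse_list_sigs(text)
    return [c for c in certs if c.keyid != own and not c.policy_urls]

# Constructed sample: the two signatures quoted above plus one invented
# third-party signature (key ID 0123ABCD is made up) without a policy URL.
SAMPLE = """\
pub   1024D/ED00D312 2000-06-21
uid                  Douglas E. Warner <silfreed@...>
sig 3        ED00D312 2005-11-02  Douglas E. Warner <silfreed@...>
sig 2   P    BEAF0CE3 2006-08-07  Todd M. Zullinger <tmz@...>
   Signature policy: http://www.pobox.com/~tmz/pgp/cert-policy.asc
sig 1        0123ABCD 2007-01-15  Example Signer <signer@example.org>
"""

if __name__ == "__main__":
    for c in undocumented_certs(SAMPLE):
        print(f"{c.keyid} level {c.level}: no policy URL")
```

The self-signature is skipped because its key ID matches the `pub` line, so only certifications made by other keys are reported.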
