Re: pgp signing in van

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 9/6/2013 5:10 PM, Ted Lemon wrote:
On Sep 6, 2013, at 6:42 PM, Joe Touch <touch@xxxxxxx> wrote:
I've noted elsewhere that the current typical key-signing party
methods are very weak. You should sign only the keys of those who you
know well enough to claim you can attest to their identity.

This is a ridiculously high bar.   The bar should be about at the
level of a facebook friend request.

Given I'm not on Facebook, the latter bar is infinitely high.

As per the PGP description:

---
There are several levels of confidence which can be included in such signatures. Although many programs read and write this information, few (if any) include this level of certification when calculating whether to trust a key.
---

And that's the problem - as long as endorsements are equal, they're only as good as your weakest one.

Joe




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]