signing a robot's key - was: Re: Global Directory signatures

Atom 'Smasher' atom at suspicious.org
Thu Dec 30 21:37:26 CET 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 30 Dec 2004, David Shaw wrote:

> On Thu, Dec 30, 2004 at 01:50:24PM -0600, Kyle Hasselbacher wrote:
>
>> In some cases, a user might have wanted to use it as a trusted 
>> introducer.  To assign owner trust, it has to be valid.  To be valid, 
>> they have to sign it.  Perhaps some of them knew that this is better 
>> done with a local signature and fat fingered the signing, but it's a 
>> little hard to believe someone understood the web of trust well enough 
>> to want to sign but not well enough to know a local sig was better.
>
> Oh, I can believe that.  It's the "I need to sign this to make things 
> work" thing.  Do beginners necessarily understand what signing entails? 
> No.  Do they necessarily understand what the web of trust even is?  No. 
> All they know is that the instructions say to sign the key, so they sign 
> the key.
=====================

is that the behavior of PGP(tm)? i once helped someone use PGP(tm) and in 
the 30-60 seconds that i was using it, it seemed to require a signature 
before it would recognize an imported key... i helped the user to make a 
non-exportable signature, but i don't recall that being the default.


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"To invent, you need a good imagination and a pile of junk."
 		-- Thomas Edison

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJB1GcMAAoJEAx/d+cTpVcivtQIAKD8Si9WkdnmciU++xjP4x2y
Z7GyoTRt4ySIGioXh3rhmI5kFQ719/ZnQBZYGizHukvsUZyM2DOuEbvk7RCp4exq
xqplS6V90xpkpddwkSa4xMVzTzHFU6UEUROtoMQ3jIfz4F9nHPKXHdBlECPUMsRy
vzXg++KYSsAAt7tL9mr8BktCnnC+KGUrzUnnWUrcQr8OjDvIQcucFQqB7nz7NvJq
rncclOPa6vOlwUp4UJ7i0Vo/W0M3hYlK4z4kNHVXcijXtGkWzQLLK3FoKBIG/ZuW
h9eJvzLJYNXFfQxTwN6Oua95Gsl+vlCAB8Dmf8LH7eH3SKqeIpZXenjTKusu3Bg=
=Z1k2
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list