laying groundwork for an eventual migration away from SHA1 with gpg

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 21 20:23:04 CEST 2009


On 05/21/2009 02:12 PM, John W. Moore III wrote:
> It's hard to imagine how
> shaking more hands than a politician on Runoff Day can convey any sense
> of 'trustworthiness' about the other individual.  :-\  

As David pointed out, keysignings are about establishing identity, *not*
establishing trust or any measure of trustworthiness.

Standard OpenPGP certifications (the output generated by a keysigning
party) say nothing about trustworthiness either; they simply make a
claim about identity.

It is when you *evaluate* such certifications that you must make
decisions about the trustworthiness of each certifier.

	--dkg
