laying groundwork for an eventual migration away from SHA1 with gpg
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 21 20:23:04 CEST 2009
On 05/21/2009 02:12 PM, John W. Moore III wrote:
> It's hard to imagine how
> shaking more hands than a politician on Runoff Day can convey any sense
> of 'trustworthiness' about the other individual. :-\
As David pointed out, keysignings are about establishing identity, *not*
establishing trust or any measure of trustworthiness.
Standard OpenPGP certifications (the output generated by a keysigning
party) say nothing about trustworthiness either, they simply make a
claim about identity.
It is when you *evaluate* such certifications that you must make
decisions about the trustworthiness of each certifier.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090521/8e2bc4d6/attachment.pgp>
More information about the Gnupg-devel
mailing list