Why is ~/.gnupg/trustdb.gpg readable by all?

Brian Minton minton@csc.smsu.edu
Thu Feb 8 17:21:12 2001

Hash: SHA1

On Wed, Feb 07, 2001 at 06:14:19PM -0600, Bud Rogers wrote:

> I want to sign other peoples' keys, and get them to sign mine, in order
> to become part of the web of trust all the docs talk about. As you've
> said, I have to sign a key before it is considered fully trusted. But
> all the docs say don't sign any key unless you have gone to some
> extraordinary lengths to verify that person's identity. How do I
> resolve that contradiction?
one way that works pretty well is to look them up in the phone book, call them up and ask them to read their key fingerprint. if it matches the fingerprint of the key you have, you can be pretty sure that it is really them. - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://cs.smsu.edu/~minton /finger minton@csc.smsu.edu _ _ my favorite OS! bjm918s@mail.smsu.edu / for PGP public key. | | <_>._ _ _ _ __ bminton@earthling.net /What are you waiting for, | |_ | || ' || | |\ \/ bminton@efn.org / try Jesus today!!! |___||_||_|_|`___|/\_\ "Many shall run to and fro, and knowledge shall be increased" --Daniel 12:4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6groRp0PPDCS0QgIRAtGTAJ4twpD6w4SfVMZzLaIK7MfvT2OKuwCfQFSe CBLqxS08KwvAka4IWkZFeNw= =3nWD -----END PGP SIGNATURE-----