Why is ~/.gnupg/trustdb.gpg readable by all?
Thu Feb 8 17:21:12 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, Feb 07, 2001 at 06:14:19PM -0600, Bud Rogers wrote:
> I want to sign other peoples' keys, and get them to sign mine, in order
> to become part of the web of trust all the docs talk about. As you've
> said, I have to sign a key before it is considered fully trusted. But
> all the docs say don't sign any key unless you have gone to some
> extraordinary lengths to verify that person's identity. How do I
> resolve that contradiction?
one way that works pretty well is to look them up in the phone book, call them
up and ask them to read their key fingerprint. if it matches the fingerprint
of the key you have, you can be pretty sure that it is really them.
http://cs.smsu.edu/~minton /finger firstname.lastname@example.org _ _ my favorite OS!
email@example.com / for PGP public key. | | <_>._ _ _ _ __
firstname.lastname@example.org /What are you waiting for, | |_ | || ' || | |\ \/
email@example.com / try Jesus today!!! |___||_||_|_|`___|/\_\
"Many shall run to and fro, and knowledge shall be increased" --Daniel 12:4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----