Robot CA at toehold.com
Sun Dec 8 19:11:01 2002
Content-Type: text/plain; charset=us-ascii
On Sun, Dec 08, 2002 at 05:48:32PM +0100, Michael Nahrath wrote:
> Adrian 'Dagurashibanipal' von Bidder <firstname.lastname@example.org> schrieb am
> 2002-12-08 16:07 Uhr:
> Why should anybody sign Kyle's internet-service?
> At the moment only he can proove that it really is his program.
> If you want to build a trust path to his robot sign _his_ key and give fu=
> ownertrust to Kyle's key!
> (or find another chain of ownertrusted signatures that leads to him.
> Maybe you already have one:
Yes, that (pathfinder) path does exist.
I (0xD39DA0E3) signed Kyle's personal (0x2A94C484) and robot (0xC521097E)
keys with 0x11/persona signatures because I established that the keys
were linked to their specified email/web addresses. The 0x072FAC89 <->
0xD39DA0E3 signatures came from an in-person keysigning. I can't speak
for the other signers.
If anyone wants to see keyanalyze reports without PGP CA keys being
included, the first step is identifying them. So far, I know about
Thawte Freemail (0x5AC41CB9, 0xDE46F54F, 0x6BE9A169, 0x066E6D90,
0x3CE4352F, 0xAD26F8E6, 0xFE77B6E1, 0x1811465A, 0x663D3B3F, 0x6F79AC0C,
0x86EE189C), ct magazine (0xB3B2A12C), and Robot CA (0xC521097E,
0x8A7C07CD). trustcenter.de, DFN-PCA, and arcanus.com/arcanvs.com
are some others that spring to mind. Some signatures from some of
these keys are backed up by in-person identity checks, though.
NB: Watch your followups.
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
email@example.com | web: http://jharris.cjb.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----