Robot CA at toehold.com

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Mon Dec 9 09:35:01 2002


On Mon, 2002-12-09 at 01:01, David Shaw wrote:
 [ 0x11 persona sigs ]

> Don't forget PGP.  You're making signatures that act incorrectly for
> exactly 100% of the user base of OpenPGP.  Are you sure you want to do
> that?

Nice as it is, I think the web of trust idea is much overrated. It works
for verifying signatures in everyday use, like on mailing lists. But
when real secrecy is in question, in most cases
 - people either have met in person and therefore could exchange keys
directly.
 - or people are within a relatively closed group (say, Debian
developers who have to mail around account data), so manual verifying of
a trust path is easy enough.

I doubt the global web of trust is used much for more than a casual
verification. So, for me, e-mail robotCA has its justification as well
as 0x11 signatures (which hopefully people *do* notice as soon as they
become careful about trust), and I wouldn't call this 'polluting' the
web of trust.

cheers
-- vbi

-- 
this email is protected by a digital signature:  http://fortytwo.ch/gpg

NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822