Virtual Keysignings

Lucas Gonze lucas@gonze.com
Wed Jun 11 23:35:02 2003


> On Tuesday 10 June 2003 17:01, CL Gilbert wrote:
> > But I disagree that my trust levels would not benefit you.  I would
> > never give anyone complete trust unless they were someone I knew
> > personally like a co-worker or school-mate, neighbor, etc.  Even
> > meeting at a key signing party is not enough.  Hmm, but it appears I
> > am using the trust model wrong.  because knowing who someone is does
> > not mean you trust them.  Seems like something is missing here.  Be
> > nice to give a confidence level on a signature.  Anyway, I cant see
> > giving anyone any level of trust unless I knew them personally.
> > Could you?

You're mixing up faith that your belief in some fact is correct with faith
in the fact that some person will act in your interest.  The second is a
subset of the first.  The PGP web of trust certifies that you have faith
in the fact that some true name should be associated with some key.

Of course, people usually just sign the keys of anyone who asks.  I
suspect that all webs of trust certify that there exists a social
connection.

- Lucas