Virtual Keysignings

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Thu Jun 12 00:43:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lucas Gonze wrote:
|>On Tuesday 10 June 2003 17:01, CL Gilbert wrote:
|>
|>>But I disagree that my trust levels would not benefit you.  I would
|>>never give anyone complete trust unless they were someone I knew
|>>personally like a co-worker or school-mate, neighbor, etc.  Even
|>>meeting at a key signing party is not enough.  Hmm, but it appears I
|>>am using the trust model wrong.  because knowing who someone is does
|>>not mean you trust them.  Seems like something is missing here.  Be
|>>nice to give a confidence level on a signature.  Anyway, I cant see
|>>giving anyone any level of trust unless I knew them personally.
|>>Could you?
|
|
| You're mixing up faith that your belief in some fact is correct with faith
| in the fact that some person will act in your interest.  The second is a
| subset of the first.  The PGP web of trust certifies that you have faith
| in the fact that some true name should be associated with some key.
|
| Of course, people usually just sign the keys of anyone who asks.  I
| suspect that all webs of trust certify that there exists a social
| connection.
|
| - Lucas
|

Well as I understand it the gpg trust model is only trust that you
believe the person has a respectable key signing policy.  it has nothing
to do with wether you believe the person is who they say they are.
Thats what signing their key is for.



| _______________________________________________
| Gnupg-users mailing list
| Gnupg-users@gnupg.org
| http://lists.gnupg.org/mailman/listinfo/gnupg-users
|


- --
L8r,


Carl L. Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+57A9VbJM14DSCi0RAqa7AJ40fWyX6amBQAc2gLz6NHSjvPiMkQCffR2F
qfSSGkJ4irmTHPOmNn03TAk=
=npO7
-----END PGP SIGNATURE-----