Virtual Keysignings

CL Gilbert
Thu Jun 12 00:43:02 2003

Hash: SHA1

Lucas Gonze wrote:
|>On Tuesday 10 June 2003 17:01, CL Gilbert wrote:
|>>But I disagree that my trust levels would not benefit you.  I would
|>>never give anyone complete trust unless they were someone I knew
|>>personally like a co-worker or school-mate, neighbor, etc.  Even
|>>meeting at a key signing party is not enough.  Hmm, but it appears I
|>>am using the trust model wrong.  because knowing who someone is does
|>>not mean you trust them.  Seems like something is missing here.  Be
|>>nice to give a confidence level on a signature.  Anyway, I cant see
|>>giving anyone any level of trust unless I knew them personally.
|>>Could you?
| You're mixing up faith that your belief in some fact is correct with faith
| in the fact that some person will act in your interest.  The second is a
| subset of the first.  The PGP web of trust certifies that you have faith
| in the fact that some true name should be associated with some key.
| Of course, people usually just sign the keys of anyone who asks.  I
| suspect that all webs of trust certify that there exists a social
| connection.
| - Lucas

Well as I understand it the gpg trust model is only trust that you
believe the person has a respectable key signing policy.  it has nothing
to do with wether you believe the person is who they say they are.
Thats what signing their key is for.

| _______________________________________________
| Gnupg-users mailing list

- --

Carl L. Gilbert
Free Java interface to
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -