Virtual Keysignings

Burns burns@runbox.com
Thu Jun 12 03:14:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --- Ingo Klöcker <ingo.kloecker@epost.de> wrote:
> On Tuesday 10 June 2003 17:01, CL Gilbert wrote:
> > But I disagree that my trust levels would not benefit you.  I
would
> > never give anyone complete trust unless they were someone I
knew
> > personally like a co-worker or school-mate, neighbor, etc. 
Even
> > meeting at a key signing party is not enough.  Hmm, but it
appears I
> > am using the trust model wrong.  because knowing who someone is
does
> > not mean you trust them.  Seems like something is missing here.
 Be
> > nice to give a confidence level on a signature.  Anyway, I cant
see
> > giving anyone any level of trust unless I knew them personally.

> > Could you?
> 
> Well, I gave those KDE developers that I met a few times on fairs
(where 
> we exchanged our fingerprints) marginal trust although I can't
say that 
> I know any of them personally. Furthermore I would probably also
give 
> other well known Free Software developers some trust if I should
ever 
> personally exchange fingerprints with them. Of course one of them
could 
> betray me but so could a co-worker or a school-mate. Only death
is 
> certain.
> 
> Regards,
> Ingo
> 

If you've met them personally, signed their key, and then they turn
around and betray you, then, all the better that you helped
establish non-repudiation for whatever they sign with their digital
signature. :-)

Randy


-----BEGIN PGP SIGNATURE-----

iD8DBQE+59L6hNLaTSzsrh8RAnXUAJ0TzWexjABTxKuqaYW+HZAp0jn/mACdEbBo
ebYBI0nDnPl6dOGMQeKDTQA=
=W4Op
-----END PGP SIGNATURE-----