trust management script

Adrian 'Dagurashibanipal' von Bidder avbidder at
Tue Apr 27 09:02:04 CEST 2004

Hash: SHA1

On Thursday 22 April 2004 00.34, Neil Williams wrote:


Thanks for that script, this is certainly useful.

> I worked on the idea that if I
> hadn't verified the key, I probably had never met the person behind
> the key and therefore I was unlikely to be able to make much of a
> decision on how carefully that person would verify someone else's
> key. (Not having had the chance to see them verify my own key.)

I think this assumption does not always hold. I have many keys set to 
full trust in my keyring - these are mostly keys from prominent Debian 
developers. I trust them because I feel I can judge from seeing their 
email on the mailing list how competent they are - certainly better 
than I can judge from seeing them once at a keysigning party.

Trust is always a personal thing, and everybody needs to find their own 
working compromise between usability and paranoia.  In my case, the 
fact that I rarely need to transmit really secret data helps - 
encrypting ordinary email by default is different from encrypting 
account passwords etc.; in the latter case I take an extra look at the 
trust path.

- -- vbi

- -- 
The content of this message may or may not reflect the opinion of me, my
employer, my girlfriend, my cat or anybody else, regardless of the fact
whether such an employer, girlfriend, cat, or anybody else exists.  I
(or my employer, girlfriend, cat or whoever) disclaim any legal
obligations resulting from the above message.  You, as the reader of
this message, may or may not have the permission to redistribute this
message as a whole or in parts, verbatim or in modified form, or to
distribute any message at all.
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from


More information about the Gnupg-users mailing list