trust management script

Neil Williams linux at codehelp.co.uk
Tue Apr 27 21:28:42 CEST 2004 

On Tuesday 27 April 2004 8:02, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Thursday 22 April 2004 00.34, Neil Williams wrote:
>
> Thanks for that script, this is certainly useful.

Excellent.

> > I worked on the idea that if I
> > hadn't verified the key, I probably had never met the person behind
> > the key and therefore I was unlikely to be able to make much of a
> > decision on how carefully that person would verify someone else's
> > key. (Not having had the chance to see them verify my own key.)
>
> I think this assumption does not always hold. I have many keys set to

True. I didn't say this in the first email, but I have also left some keys at 
full trust even though I haven't met the person - people like Werner Koch - 
for the same reason as you.

> full trust in my keyring - these are mostly keys from prominent Debian
> developers. I trust them because I feel I can judge from seeing their
> email on the mailing list how competent they are - certainly better
> than I can judge from seeing them once at a keysigning party.

Very good point. Although the list doesn't help verify the key itself, it does 
help in getting to know the person and their attitudes towards their key(s). 
In that sense, it does allow for a more considered judgement than a single 
brief meeting. However, a lot of the keys I have signed are people from my 
local LUG and I meet and correspond with them on a regular basis. Even those 
I've met at Expo are mostly still in occasional contact.

> Trust is always a personal thing, and everybody needs to find their own
> working compromise between usability and paranoia.  In my case, the
> fact that I rarely need to transmit really secret data helps -

I use encryption mostly for local files.

> encrypting ordinary email by default is different from encrypting
> account passwords etc.; in the latter case I take an extra look at the
> trust path.

I agree. 


-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040427/3b765974/attachment.bin

More information about the Gnupg-users mailing list