signing a robot's key - was: Re: Global Directory signatures
Kyle Hasselbacher
kyle at toehold.com
Thu Dec 30 20:50:24 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Atom 'Smasher' wrote:

| why on earth would anyone sign this key? the UID identifies the key as
| belonging to "PGP Global Directory Verification Key"...

Some folks signed the Robot CA key (C521097E) to show that they believed that
it is what it says it is: a gravel-dumb key verifier.

In some cases, a user might have wanted to use it as a trusted introducer.
To assign owner trust, it has to be valid. To be valid, they have to sign
it. Perhaps some of them knew that this is better done with a local
signature and fat fingered the signing, but it's a little hard to believe
someone understood the web of trust well enough to want to sign but not well
enough to know a local sig was better.

Some people may have seen it as a back door into the global strong set. The
Robot CA is in the strong set, and it gives out signatures easily. Give a
signature back, and you're in the strong set too.

I signed it because I wrote it and run it.

Are folks signing the Global Directory key for the same reasons? I don't
know, but it's possible.

Kyle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB1Fv/zS7R/flctWYRAvbrAKCQNEAmEyepjtgs/R/x9FA44GbXLACgpHS4
t1ClyCfBc32ueLaxWOTXGwI=
=g+iR
-----END PGP SIGNATURE-----
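
The difference between an exportable and a local signature on the robot's key, as discussed in the message above, can be checked on a toy signature graph. This is an added example, not part of the original post: every key name except C521097E, the sample keyring, and the one-level, full-trust validity rule are constructed simplifications.

```python
from collections import defaultdict

ROBOT = "C521097E"  # Robot CA key id from the post; all other names are constructed

# Constructed keyring: (signer, signee, exportable). ALICE and BOB stand in for
# the existing strong set; the robot signs any key that asks.
BASE = [("ALICE", "BOB", True), ("BOB", "ALICE", True),
        ("ALICE", ROBOT, True), (ROBOT, "ALICE", True),
        (ROBOT, "USER", True), (ROBOT, "CAROL", True)]
EXPORTED = BASE + [("USER", ROBOT, True)]   # gpg --sign-key, then uploaded
LOCAL = BASE + [("USER", ROBOT, False)]     # gpg --lsign-key, never leaves the keyring

def reachable(start, edges):
    """Keys reachable from start by following (from, to) edges."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def strong_set(sigs, anchor):
    """Keys mutually reachable with anchor, counting only exportable
    signatures, which are the only ones a keyserver ever sees."""
    public = [(a, b) for a, b, exportable in sigs if exportable]
    signed_from_anchor = reachable(anchor, public)
    signs_toward_anchor = reachable(anchor, [(b, a) for a, b in public])
    return signed_from_anchor & signs_toward_anchor

def valid_keys(sigs, me, trusted):
    """Simplified validity for `me`: keys I signed (local or exportable), plus
    keys signed by a trusted introducer whose own key is already valid."""
    valid = {me} | {b for a, b, _ in sigs if a == me}
    return valid | {b for a, b, _ in sigs if a in trusted and a in valid}

if __name__ == "__main__":
    for name, ring in (("exported", EXPORTED), ("local", LOCAL), ("unsigned", BASE)):
        print(name, "strong set:", sorted(strong_set(ring, "ALICE")),
              "valid for USER:", sorted(valid_keys(ring, "USER", {ROBOT})))
```

Only the exportable signature moves USER into the strong set, while either kind of signature is enough for the robot's signatures to count in USER's own keyring.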