signing a robot's key - was: Re: Global Directory signatures
atom at suspicious.org
Thu Dec 30 21:37:26 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 30 Dec 2004, David Shaw wrote:
> On Thu, Dec 30, 2004 at 01:50:24PM -0600, Kyle Hasselbacher wrote:
>> In some cases, a user might have wanted to use it as a trusted
>> introducer. To assign owner trust, it has to be valid. To be valid,
>> they have to sign it. Perhaps some of them knew that this is better
>> done with a local signature and fat fingered the signing, but it's a
>> little hard to believe someone understood the web of trust well enough
>> to want to sign but not well enough to know a local sig was better.
> Oh, I can believe that. It's the "I need to sign this to make things
> work" thing. Do beginners necessarily understand what signing entails?
> No. Do they necessarily understand what the web of trust even is? No.
> All they know is that the instructions say to sign the key, so they sign
> the key.
is that the behavior of PGP(tm)? i once helped someone use PGP(tm) and in
the 30-60 seconds that i was using it, it seemed to require a signature
before it would recognize an imported key... i helped the user to make a
non-exportable signature, but i don't recall that being the default.
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"To invent, you need a good imagination and a pile of junk."
-- Thomas Edison
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----
More information about the Gnupg-users