signing a robot's key - was: Re: Global Directory signatures

Greg Sabino Mullane greg at
Mon Jan 3 03:20:28 CET 2005

Hash: SHA1
> For those who've gotten this far, how many would or would not trust the WoT
> (meaning beyond a friend/aquaintance, or beyond someone vouched for by a
> friend/aquaintance) for transactions involving money or sensitive
> information?  I'm curious if I'm just to cynical or paranoid.
I'd trust it to a point. It all depends on the context, and there are
certainly usually other easier means of verification, but I'd be pretty
sure that someone well integrated into the WoT is who they say they are.
People certainly do transactions all the time with even less assurance
that that.
I do use the WoT regularly as far as verifying open-source software (and
closed-source too in theory, although I have not come across any myself).
Having someone with a key in the strong set and a Googleable history of key
usage is a nice verification that the software you downloaded is what you
think it is. Preventing a malware/trojan/virus/backdoor this way probably
falls into the "sensitive information" category.
- --
Greg Sabino Mullane greg at
PGP Key: 0x14964AC8 200501022115

More information about the Gnupg-users mailing list