signing a robot's key - was: Re: Global Directory signatures

Greg Sabino Mullane greg at turnstep.com
Mon Jan 3 03:20:28 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
 
> For those who've gotten this far, how many would or would not trust the WoT
> (meaning beyond a friend/acquaintance, or beyond someone vouched for by a
> friend/acquaintance) for transactions involving money or sensitive
> information?  I'm curious if I'm just too cynical or paranoid.
 
I'd trust it to a point. It all depends on the context, and there are
certainly usually other easier means of verification, but I'd be pretty
sure that someone well integrated into the WoT is who they say they are.
People certainly do transactions all the time with even less assurance
than that.
 
I do use the WoT regularly as far as verifying open-source software (and
closed-source too in theory, although I have not come across any myself).
Having someone with a key in the strong set and a Googleable history of key
usage is a nice verification that the software you downloaded is what you
think it is. Preventing a malware/trojan/virus/backdoor this way probably
falls into the "sensitive information" category.
 
- --
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200501022115
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
 
-----BEGIN PGP SIGNATURE-----
 
iD8DBQFB2KwuvJuQZxSWSsgRAqISAJwM7+VeF4qbxEw6CgAuRNPe47WE/gCeOVkb
yBrKsymAd7/Pl4dv4WWtmrI=
=2sW2
-----END PGP SIGNATURE-----




