Signing people with only one form of ID?

John W. Moore III jmoore3rd at bellsouth.net
Sun Mar 2 14:14:33 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Nicholas Cole wrote:

> But that does not mean the web of trust is useless - far from it.
> OpenPGP lets you represent all sorts of trust models: you can choose
> trust the root key of a company, university or computer software
> project, and thereby "trust" all of the people involved in that
> organisation, for example.

ID's, Length of Relationship,Key Fingerprint verification etc. are all
just individual methods of determining Who has control of a Key.  The
WoT is only conferred based upon the 'Depth of Trust' conferred with the
Signature.  PGP refers to this as 'Trusted Introducer' [Black Pencil]
and GnuPG displays this 'depth' with a numerical notation.

Basic 'Exportable' Signatures [0x10, Yellow Pencil] are as common [&
useful] on a Key as a pocket full of business cards after returning from
a convention.  "Yeah, We met & exchanged some Contact Information."

JOHN ;)
Timestamp: Sunday 02 Mar 2008, 08:14  --500 (Eastern Standard Time)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9-svn4691: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJHyqg4AAoJEBCGy9eAtCsPnooH/1PFuFXJfSo9+80HwWxQpyNG
AfjETN4e0h0uDalYsUyxq84KK/sDhGN+ChDsgci4gp9t/PBaPWZIj8egyN1PQ4pu
AIFYYUjVCSaW7UOJ3Uw8mFDkCEhPpovh4u0rJtT9HmLQ5qBF75o6jyrl5tgy2G9B
XOHNpL8MSqok7PjJZTDOlcrk3fNQ3GZreZTkArmIw2HLDHX+f6tge342m1fi44MP
Mds0TDwKmyKXagtDavprfx8mB/B+08bKxm4zW4Nk3hLCfmYNvWv793Jc0k9aGOEO
mXhuTlKzqz3kGOTqQlxt0HqaLLwY6eaPXc7yRQdo3cwwy77OcmJjU9aJgxJ76tU=
=JT+0
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list