Signing people with only one form of ID?
John W. Moore III
jmoore3rd at bellsouth.net
Sun Mar 2 14:14:33 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Nicholas Cole wrote:
> But that does not mean the web of trust is useless - far from it.
> OpenPGP lets you represent all sorts of trust models: you can choose
> trust the root key of a company, university or computer software
> project, and thereby "trust" all of the people involved in that
> organisation, for example.
ID's, Length of Relationship,Key Fingerprint verification etc. are all
just individual methods of determining Who has control of a Key. The
WoT is only conferred based upon the 'Depth of Trust' conferred with the
Signature. PGP refers to this as 'Trusted Introducer' [Black Pencil]
and GnuPG displays this 'depth' with a numerical notation.
Basic 'Exportable' Signatures [0x10, Yellow Pencil] are as common [&
useful] on a Key as a pocket full of business cards after returning from
a convention. "Yeah, We met & exchanged some Contact Information."
JOHN ;)
Timestamp: Sunday 02 Mar 2008, 08:14 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9-svn4691: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
iQEcBAEBCgAGBQJHyqg4AAoJEBCGy9eAtCsPnooH/1PFuFXJfSo9+80HwWxQpyNG
AfjETN4e0h0uDalYsUyxq84KK/sDhGN+ChDsgci4gp9t/PBaPWZIj8egyN1PQ4pu
AIFYYUjVCSaW7UOJ3Uw8mFDkCEhPpovh4u0rJtT9HmLQ5qBF75o6jyrl5tgy2G9B
XOHNpL8MSqok7PjJZTDOlcrk3fNQ3GZreZTkArmIw2HLDHX+f6tge342m1fi44MP
Mds0TDwKmyKXagtDavprfx8mB/B+08bKxm4zW4Nk3hLCfmYNvWv793Jc0k9aGOEO
mXhuTlKzqz3kGOTqQlxt0HqaLLwY6eaPXc7yRQdo3cwwy77OcmJjU9aJgxJ76tU=
=JT+0
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list