Signing people with only one form of ID?
John W. Moore III
jmoore3rd at bellsouth.net
Sun Mar 2 14:14:33 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
Nicholas Cole wrote:
> But that does not mean the web of trust is useless - far from it.
> OpenPGP lets you represent all sorts of trust models: you can choose
> trust the root key of a company, university or computer software
> project, and thereby "trust" all of the people involved in that
> organisation, for example.
ID's, Length of Relationship,Key Fingerprint verification etc. are all
just individual methods of determining Who has control of a Key. The
WoT is only conferred based upon the 'Depth of Trust' conferred with the
Signature. PGP refers to this as 'Trusted Introducer' [Black Pencil]
and GnuPG displays this 'depth' with a numerical notation.
Basic 'Exportable' Signatures [0x10, Yellow Pencil] are as common [&
useful] on a Key as a pocket full of business cards after returning from
a convention. "Yeah, We met & exchanged some Contact Information."
Timestamp: Sunday 02 Mar 2008, 08:14 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9-svn4691: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
-----END PGP SIGNATURE-----
More information about the Gnupg-users