hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Sun Mar 13 08:38:14 CET 2011

On 13/03/11 7:22 AM, Robert J. Hansen wrote:
> On 3/12/2011 1:05 PM, MFPA wrote:
>> How does the WoT idea require me to know the names or email addresses
>> associated with the keys in the trust path? The text strings in User
>> IDs do not feature in the trust calculation.
> Yes, in fact, they do.
> In my past, there's an ex-CEO whom I'll just call "Ben." 

I wish you hadn't.  ;)

> Ben made some really astonishingly bad decisions that put him in
> prison for eighteen months, and left me with a permanent distrust
> for him.  If I see Frank has signed Ben's certificate, and I trust
> Frank, am I going to trust Ben?
> Of course not.

I wouldn't trust him either.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110313/7129b2f6/attachment.pgp>

More information about the Gnupg-users mailing list