Using root CAs as a trusted 3rd party

Faramir faramir.cl at gmail.com
Tue Jan 24 22:10:35 CET 2012



On 24-01-2012 16:26, brian m. carlson wrote:
> On Tue, Jan 24, 2012 at 03:13:46PM -0300, Faramir wrote:
>> Well, if Trent signs Alice's key, Bob, who trusts Trent, might sign
>> her key too. Charly doesn't know Trent, but he trusts Bob's
>> judgement, so he might accept Alice's key as valid, not because
>> of Trent's
...

> This is why OpenPGP implementations have trust settings.  If Bob
> trusts Trent's assertions, then he can give Trent full trust and
> Bob's implementation will believe that Alice's key belongs to
> Alice.  There's no need to sign the key.

  But Charly doesn't have Trent's key in his keyring; he doesn't even
know about Trent. So if Bob doesn't sign Alice's key, Charly won't
consider it valid. He will see the signature issued by an unknown key
(Trent's), and that is all.

  Best Regards
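
The situation discussed in this message, as an added example that is not part of the original post: a simplified Python model of OpenPGP key validity in which ownertrust is a local setting that other users never see. The function names, the full-trust-only rule (no marginal trust, no depth limit) and the assumption that Bob has certified Trent's key himself are choices of this example, not GnuPG's implementation.

```python
# Simplified model of OpenPGP key validity (added example, not GnuPG's code).
# Assumptions: only "full" ownertrust exists (no marginal trust, no depth
# limit), and Bob has certified Trent's key himself.

def valid_keys(me, keyring, ownertrust, signatures):
    """Return the set of keys that `me` considers valid.

    keyring:    keys present in me's local keyring
    ownertrust: keys whose owners `me` fully trusts as introducers (local only)
    signatures: set of (signer, signed) certifications attached to the keys
    """
    valid = {me}                      # one's own key is ultimately trusted
    changed = True
    while changed:                    # repeat until no new key becomes valid
        changed = False
        for signer, signed in signatures:
            # A signature counts only if the signer's key is in the local
            # keyring, is itself valid, and its owner is a trusted introducer.
            usable = (signer in keyring and signer in valid
                      and (signer == me or signer in ownertrust))
            if usable and signed in keyring and signed not in valid:
                valid.add(signed)
                changed = True
    return valid


def scenario(bob_signs_alice, charly_imports_trent=False):
    """Return (Alice valid for Bob, Alice valid for Charly)."""
    sigs = {("Trent", "Alice"), ("Bob", "Trent"), ("Charly", "Bob")}
    if bob_signs_alice:
        sigs.add(("Bob", "Alice"))
    # Bob has Trent's key and gives Trent full ownertrust.
    bob = valid_keys("Bob", {"Bob", "Trent", "Alice"}, {"Trent"}, sigs)
    # Charly fully trusts Bob and, by default, has never seen Trent's key.
    ring = {"Charly", "Bob", "Alice"}
    if charly_imports_trent:
        ring.add("Trent")
    charly = valid_keys("Charly", ring, {"Bob"}, sigs)
    return "Alice" in bob, "Alice" in charly


if __name__ == "__main__":
    print("Bob only sets ownertrust:   ", scenario(False))
    print("Bob also signs Alice's key: ", scenario(True))
    print("Charly imports Trent's key: ", scenario(False, True))
```

In the third case Trent's key becomes valid for Charly through Bob's certification, but Alice's key still does not, because Charly has assigned no ownertrust to Trent.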


