protecting pub-keys from unwanted signatures

Robert J. Hansen rjh at sixdemonbag.org
Sun Aug 16 23:26:15 CEST 2015


> What other people do says nothing about me, and everything about
> them.

Except that 99% of people who see that signature will think you have an
association with white supremacists.

Should they?  No.

Will they?  Yes.

The average person doesn't have a formal/mathematical model of trust and
what it means.  They have a loose, poorly-specified understanding, like
"only sign certificates of people you know well."  This leads them to
thinking, "well, this white supremacist group must know Chris well".
That's a false inference, but it's one a *large* number of people draw.

> On popular keys,  such as Facebook's, or any other public figure,
> there are going to accumulate signatures that aren't a part of
> anybody's Web of Trust. Until such time that these signatures can
> constitute a genuine threat to the Web of Trust, they're irrelevant.

So you're now changing your statement: signatures *don't* always
strengthen the WoT -- a large number of them are irrelevant.  This is
much closer to reality.



More information about the Gnupg-users mailing list