Expanding web-of-trust with subkey
Teemu Likonen
tlikonen at iki.fi
Wed Feb 15 17:54:51 CET 2017
Didrik Nordström [2017-02-14 19:02:08-08] wrote:

> How do you handle key management? Let's say you just want to send a
> signed and encrypted email once to someone who announced their pubkey
> over https? What type of trust would you assign?

I don't personally know anybody who uses gpg. Even if I meet someone,
it's unlikely that signing keys will make me part of any web. So
web of trust is useless for me.

That makes things very simple, in a way. I use "trust-model direct" and
do some checking in web pages or check consistent use of signatures. If
the key seems ok I'll "--edit-key", type "trust" and assign marginal or
full trust for that key. That's it. And because I have no use for other
people's signatures I also have "keyserver-options import-clean" so my
keyring remains small.

When Debian 9 is released, with GnuPG 2.1, I'll try "trust-model
tofu+pgp" (trust on first use plus web of trust). It seems useful too.

--
/// Teemu Likonen - .-.. <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
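
Added example, not part of the original message: a sketch of two helpers for a keyring run with "trust-model direct", one producing the record that `gpg --import-ownertrust` accepts as the non-interactive counterpart of "--edit-key" / "trust", the other listing keys that have not yet been given marginal or full trust. The function names and the sample listing are constructed for illustration; the fingerprints are placeholders.

```shell
#!/bin/sh
# Added example: helpers for a keyring that uses "trust-model direct".

# Print an ownertrust record ("FPR:4:" = marginal, "FPR:5:" = full) that can
# be piped into `gpg --import-ownertrust`. Only the two levels named in the
# message are accepted; anything else is rejected.
ownertrust_line() {
  fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  case "$fpr" in ''|*[!0-9A-F]*) return 1 ;; esac
  [ "${#fpr}" -eq 40 ] || return 1
  case "$2" in
    marginal) level=4 ;;
    full)     level=5 ;;
    *)        return 1 ;;
  esac
  printf '%s:%s:\n' "$fpr" "$level"
}

# Read `gpg --with-colons --list-keys` output on stdin and print the
# fingerprint of every primary key whose validity (field 2) is not
# marginal (m), full (f) or ultimate (u). Subkey fingerprints are skipped.
unvetted_keys() {
  awk -F: '
    $1 == "pub" { want = ($2 !~ /^[mfu]$/) }
    $1 == "fpr" { if (want) print $10; want = 0 }
  '
}

# Constructed sample listing (abbreviated records, placeholder fingerprints).
sample_listing() {
  cat <<'EOF'
pub:f:4096:1:AAAAAAAAAAAA0001:1486000000:::f:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0001:
uid:f::::1486000000::::Vetted Contact <vetted@example.org>:
sub:f:4096:1:BBBBBBBBBBBB0001:1486000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB0001:
pub:-:4096:1:AAAAAAAAAAAA0002:1486000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0002:
uid:-::::1486000000::::New Contact <new@example.org>:
pub:e:2048:1:AAAAAAAAAAAA0003:1300000000:1400000000::m:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0003:
uid:e::::1300000000::::Old Contact <old@example.org>:
EOF
}

# Stand-alone run: list the keys in the sample that still need checking.
sample_listing | unvetted_keys
```

Against a real keyring, replace `sample_listing` with `gpg --with-colons --list-keys`; the expired key is reported even though trust was once assigned, because its validity field is "e".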
More information about the Gnupg-users
mailing list