[H-GEN] Key-signing at Humbug: Saturday, 1st March 2003
Christopher Biggs
listjunkie at pobox.com
Mon Feb 24 19:07:28 EST 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Mark Suter <suter at humbug.org.au> moved upon the face of the 'Net and spake thusly:
> The ID requirements are for each key signer to determine. When you have
> someone saying to you, "Hi, I'm Jane Citizen and here's my ID," it's up
> to you to decide if you believe them.
>
> If you sign this key then you are saying, "I am absolutely positive this
> key belongs to Jane Citizen <citizen at example.com>." The fingerprints
> (ten groups of 4 hex digits) are to ensure you're signing the right key.
> Here's a bit more information:
Personally[1], I would never sign the key of someone I don't already know
(FSVO "know"), or accept the signature of somebody else under the same
circumstances.
Trust is only transitive if you are *careful* about who you link with,
and even then only for a limited number of degrees. Indiscriminate
exchange of signatures between barely-acquainted users or especially
total strangers is of little value.
The exception would be a "well known" person that I do not know
personally, but who could be thought of as a de-facto signing
authority. Just as in the "six-degrees" acquaintance model, only a
small number of these well-connected individuals are necessary[2] to
provide a well-connected web of trust. Not *too* small a number
however, because then you have a collapse of trust if one of the
"root" keys is compromised.
--cjb
[1] Wow, do y'all remember that the very *first* (IIRC) HUMBUG talk
was about PGP? In the prentice centre lunchroom?
[2] In theory[3].
[3] In theory, there is no difference between theory and practice[4].
[4] In practice, there is.
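
Added example, not part of the original post: a simplified model of the point made above about limited degrees of transitive trust and the effect of a compromised well-connected signer. The graph, the names and the hop-limit rule are constructed assumptions for illustration; this is not GnuPG's actual trust calculation.

```python
from collections import deque

# Constructed sample web of trust: signer -> keys that signer has certified.
# All names are hypothetical; "hub1" and "hub2" are the well-connected signers.
SIGNATURES = {
    "me": {"alice", "hub1"},
    "alice": {"bob"},
    "bob": {"hub2"},
    "hub1": {"carol", "dave", "erin"},
    "hub2": {"dave", "erin", "frank"},
    "carol": {"grace"},
    "frank": {"heidi"},
}


def reachable(sigs, root, max_depth, revoked=frozenset()):
    """Return {key: hops} for keys reachable from root within max_depth
    signature hops, skipping any key in `revoked` (treated as compromised)."""
    seen = {root: 0}
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        if seen[signer] == max_depth:
            continue  # degree limit reached: do not extend trust further
        for key in sorted(sigs.get(signer, ())):
            if key in revoked or key in seen:
                continue
            seen[key] = seen[signer] + 1
            queue.append(key)
    del seen[root]
    return seen


def lost_if_compromised(sigs, root, max_depth, bad_key):
    """Keys that drop out of the trusted set once bad_key is revoked."""
    before = reachable(sigs, root, max_depth)
    after = reachable(sigs, root, max_depth, revoked={bad_key})
    return sorted(set(before) - set(after) - {bad_key})


if __name__ == "__main__":
    for depth in (2, 4):
        print(depth, lost_if_compromised(SIGNATURES, "me", depth, "hub1"))
```

With a two-hop limit, everything certified only through "hub1" is lost when that key is revoked; at four hops "dave" and "erin" survive through the second hub, at the cost of accepting a longer chain.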