[H-GEN] Key-signing at Humbug: Saturday, 1st March 2003

Robert Brockway robert at timetraveller.org
Mon Feb 24 23:38:04 EST 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Tue, 25 Feb 2003, Christopher Biggs wrote:

> Personally[1], I would never sign the key of someone I don't already know
> (FSVO "know"), or accept the signature of somebody else under the same
> circumstances.

I'm glad you said this Chris.  I have to say I always thought the
integrity of the web of trust relied not just on documentation proving
identity but on personal knowledge of the individual also.  This makes
faked documentation less damaging to the web of trust.

> Trust is only transitive if you are *careful* about who you link with,
> and even then only for a limited number of degrees.   Indiscrimitate
> exchange of signatures between barely-acquainted users or especially
> total strangers is of little value.

Infact it could be counter productive since it will claim the existance of
a trust relationship where none exists.

> [1] Wow, do y'all remember that the very *first* (IIRC) HUMBUG talk
>     was about PGP?  In the prentice centre lunchroom?

I sure do.  It was definately in the tea room - maybe meeting 2 or 3.

Rob

-- 
Robert Brockway B.Sc. email: robert at timetraveller.org  ICQ: 104781119
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/



More information about the General mailing list