Web of Trust (a revolution)
Anne Wilson
annew at kde.org
Wed Apr 1 14:45:19 UTC 2009
On Wednesday 01 April 2009 14:18:11 David wrote:
> On 4/1/2009 8:56 AM, Tim wrote:
> > On Wed, 2009-04-01 at 13:42 +0200, "Stanisław T. Findeisen" wrote:
> >> Sure, you might not be sure how honest a particular person
> >> is, or how accurate she is when it comes to key signing. But it
> >> *might* be helpful to know that a key of someone else that you haven't
> >> met in person has been signed by, say, 10 different people that you
> >> did meet before
> >
> > You need to know them more than just having met them before, you need to
> > know what their attitude is to signing keys. Will they only sign keys
> > with users that have credible ID? And could they spot fake ID?
>
> I use a state issued picture driver license, a birth certificate, and a US
> Passport.
>
It is generally accepted that meeing someone, alone, is not sufficient
identification. Before you sign anyone's key, or let them sign yours, you
should always see this kind of official documentation. Anyone considering
getting keys signed should read
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
Anne
--
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature? Add it to UserBase
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090401/8d7393d3/attachment-0001.sig>
More information about the fedora-list
mailing list