[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Web of Trust (a revolution)



On Mon, 2009-03-30 at 22:17 +1030, Tim wrote:
> On Mon, 2009-03-30 at 11:23 +0100, Anne Wilson wrote:
> > If you examine my key you will see that it is signed by a number of
> > people who have properly verified that I am who I say I am.  This is
> > essential for the web of trust to work, but frankly it is not
> > understood by many people, and I've seen conversations where people
> > will sign anyone's key.  The whole web of trust falls apart when this
> > happens.
> 
> Looking at your key, using the seahorse program, I can see nothing that
> gives me any indication that the signers have checked anything, only a
> list of names of who the signers are.  Not very helpful...  You'd have
> to use something else to see certification levels, e.g. command line
> tools.  Of course the indicator will only be that person X *says*
> they've checked you out.  There's nothing to enforce them being
> truthful.
> 
> As you say, some will sign anything willy nilly.  The web of trust is
> really only useful with people that you actually know.  You can't make
> any assumptions just because a key is counter-signed.  A third party's
> referral is useless.  The only third party that you could trust would be
> some service that you know refuses to sign keys without adequate
> verification, assuming that there is one, and that you know of their
> reputation.
What is wrong with Verisign?

--
=======================================================================
Freedom begins when you tell Mrs. Grundy to go fly a kite.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam sbcglobal net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]