Re: Reflections on Trusting Trust
--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Nov 30, 2005 at 02:43:43PM +0100, Alexander Leidinger wrote:
> Kurt Seifried <listuser@seifried.org> wrote:
>=20
> >should have people upload their keys. On another note I am available=20
> >to sign PGP keys (proving your key/identity is an excercise left to=20
> >the reader =3D),
>=20
> or to the signer... the keys are available in the handbook (either from
> www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending
> them to the @FreeBSD.org address should put them in to the hands of their
> owners (and if not, it doesn't matter, they just don't get your signature=
on
> their key). And AFAIK this is all PGP is supposed to verify, that the per=
son
> behind "user@example.tld" is the same as the person with access to the
> secret key for this address. Please correct me if I'm wrong and PGP also =
is
> supposed to e.g. verify that the name is the same as on the passport or
> whatever way of personal identification is available where the owner of t=
he
> key to sign lives).
>=20
Well, at least to me it's also about "does the name on the key and the
private key owner match?"
I wouldn't sign a foreign key without having checked an official
document containing a photo first (passport, drivers license etc).
- Christian
--=20
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D
--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDjcqCbHYXjKDtmC0RAsGsAJ0fMU6X/rU7gHPFNx9ohwnafcjj+ACffQL0
hcnxr469ot7gAyk7jg4MDIg=
=a5qY
-----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--
討論串 (同標題文章)
完整討論串 (本文為第 27 之 36 篇):