PGP signatures.

Todd Zullinger tmz at pobox.com
Thu May 29 03:56:52 UTC 2008


Patrick O'Callaghan wrote:
> Slightly OT, but what the hell: we should realize that trusting keys
> isn't the same as trusting people. Trust as applied to PGP/GPG keys
> means "I believe this key belongs to this person (e.g. because the
> person physically gave me the public key and demonstrated that he
> could sign things with the corresponding private one)". It does
> *not* mean "I trust this person not to lie to me or do evil with the
> information I send him". It's unfortunate that the web-of-trust
> notion has taken on a semantic overlay that doesn't fit, due in
> large part to the unfortunate choice of terminology.

A good point.  In a few talks I've given on OpenPGP, I tried to make
the distinction that validity is for keys, and trust is for people.
And that this trust is (sort of like you say) in the sense of "I trust
this person to properly validate keys" and not in the "I trust this
person is a completely decent human." :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I believe in the noble, aristocratic art of doing absolutely nothing.
And someday, I hope to be in a position where I can do even less.
