[Enigmail] On Signatures, Part II

James Kosin jkosin at beta.intcomgrp.com
Fri Dec 14 07:35:52 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Phil Stracchino wrote:
> Jan Steffen wrote:
>> One main problem is the different meanings of "trust":
>> Trust that a key really belongs to someone.
>> Trust that someone only signs other keys after careful ID-checking.
>> Trust in a person being "Good guy".
>>
>> Jan
>
> Exactly.  Terminology overloading can be a bitch sometimes.  When a term
> has multiple potential meanings depending on context, it can be hard for
> the uninitiated to correctly deduce which meaning is intended.
>
Hmmmmm.... Actually, I think PGP requires all these things to be true
before anyone can fully accept a signature.  It is really a network of
trust built by association rather than randomly signing others' keys --
which builds a sense of distrust.
If you're a BAD person you will end up building a trust relationship
with others who are BAD in most circumstances and that means the trust
relationship will be built by other signatures from BAD people.  It is
not to say some GOOD people don't know or trust the BAD guy.

The people who provide CERTIFICATES generate things a bit
differently.  They verify the requester's information and sign the
CERTIFICATE as a third party...  similar things happen when someone
verifies your credit history.

- -James

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFHYqLXkNLDmnu1kSkRApheAJ9yLglTFPHvHRFSoQnwD091/2gruwCePYRs
k6ExDv2NIjsgTcTFdPuGnyo=
=KuRU
-----END PGP SIGNATURE-----
