[Enigmail] Setting trust levels for unknown keys
Andy Ruddock
andy.ruddock at rainydayz.org
Wed Apr 29 13:50:56 PDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert J. Hansen wrote:
> Allen Schultz wrote:
>> Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign
>> it as it is a Certificate Authority.
>
> This handwaves the question, though, of _why_ you're choosing to trust
> CAcert.org.
>
> I have no evidence CAcert.org is untrustworthy. At the same time, it's
> not like they've ever bought me a beer, either.
>
Good point, what does it take to promote a key to "trust marginally",
and from there to "trust fully".
For me, the only keys I have that I trust ultimately are those I
generated myself. Other members of the family have keys which I trust
fully. A few keys came from colleagues which I can "trust marginally",
but almost all the keys I have are "don't know".
- --
Andy Ruddock
- ------------
andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkn4vasACgkQfSkWkaYi1FKf+wCeOZc8d18BVZ2wQHzGJNuq6pwo
RAAAmgLSq0WkGZcEmirAbt2oX3kRsCFu
=Eb/X
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list