[Enigmail] Setting trust levels for unknown keys

John W. Moore III jmoore3rd at bellsouth.net
Wed Apr 29 15:58:53 PDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Daniel Kahn Gillmor wrote:

> Just because I've met "Eve L. Hacker" in person and verified her
> identity does *not* mean that I trust her to properly identify other people.
> 
> Please do not blindly designate ownertrust simply because you've met
> someone face-to-face.  We've all met malicious and/or incompetent people
> face-to-face.  It's good to know who the person is ("calculated
> validity"), but you should need to know something about their skills,
> their presence of mind, their ethical code, and their resistance to
> shenanigans in general to decide to trust their certifications
> ("ownertrust").

This is why during the making of a Trust Signature [tsign] You are asked
both Questions:

1.) How carefully have You verified the ownership of this Key?
2.) How much do You trust this Key owner to properly verify the Keys
They Sign?

then comes Question 3:

What Level/Depth of Trust do You wish to assign to this signature?

When viewing a Trust Signature on a Key it is apparent how the Questions
were answered.  Whether the verification was performed face-to-face or
whether a more casual method was used.  [1st integer displayed] and the
2nd integer indicates the Depth of Trust.

Of course, this assumes that everyone is using the same numerical
equivalence scale.  :-\

GnuPG allows the use of 5 different Trust Models and can supply much
information within a closed system of understanding but there is no
Universal acceptance regarding what each bit of information means.

JOHN ;)
Timestamp: Wednesday 29 Apr 2009, 18:58  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4987: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----
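
As an added example (not part of the original message): a small Python parser for GnuPG's machine-readable `--with-colons --list-sigs` output that makes the check level and the trust depth discussed above explicit for each signature. It assumes the field layout described in GnuPG's doc/DETAILS (field 8 carries "depth value" for trust signatures, field 11 the signature class); the sample records, key IDs and names are constructed.

```python
# Constructed sample of `gpg --with-colons --list-sigs` sig records (not real keys).
SAMPLE = """\
sig:::1:AAAAAAAAAAAAAAAA:1241045933::1 60::Alice Example <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1241045933::2 120::Bob Example <bob@example.org>:12x:
sig:::1:CCCCCCCCCCCCCCCC:1241045933::::Carol Example <carol@example.org>:10l:
"""

# OpenPGP certification classes (RFC 4880, section 5.2.1), which GnuPG's
# "how carefully have you verified" answers 0-3 map onto.
CERT_LEVEL = {
    0x10: "generic (no answer)",
    0x11: "persona (not checked)",
    0x12: "casual check",
    0x13: "positive (careful check)",
}

def trust_amount(value):
    # RFC 4880, section 5.2.3.13: 120 and above is complete trust, below is partial.
    return "complete" if value >= 120 else "partial"

def parse_sig(line):
    """Decode one colon-format sig record; return None for other record types."""
    f = line.split(":")
    if f[0] != "sig" or len(f) < 11 or len(f[10]) < 2:
        return None
    sig_class = int(f[10][:2], 16)            # field 11: class + 'x'/'l'
    rec = {
        "issuer": f[4],
        "class": sig_class,
        "exportable": f[10][2:3] == "x",      # 'l' marks a local-only signature
        "check": CERT_LEVEL.get(sig_class, "not a certification"),
        "tsig": False, "depth": 0, "amount": None,
    }
    if f[7].strip():                          # field 8: "depth value" on trust sigs
        depth, value = (int(x) for x in f[7].split())
        rec.update(tsig=True, depth=depth, amount=trust_amount(value))
    return rec

def parse(text):
    return [r for r in map(parse_sig, text.splitlines()) if r]

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(r["issuer"], r["check"], "depth", r["depth"], r["amount"])
```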

