
Re: about pgp-signed messages



On Tue, Nov 04, 2003 at 07:10:49PM -0500, Allister MacLeod wrote:
> On Tue, Nov 04, 2003 at 05:53:19PM -0500, David Yitzchak Cohen wrote:
> > On Tue, Nov 04, 2003 at 11:06:41PM +0100, Aron Stansvik wrote:
> > > Should this not be done unless we meet
> > > personally or verify something over a secure phone line?
> > If your question pertains to "should," then the answer is what you
> > have above, plus the possibility that if you can find somebody else you
> > trust to tell you this kind of stuff and who's willing to certify that
> > I'm myself, then you don't have to directly verify that I'm myself.
> > That's called the web of trust.
> 
> To Aaron:
> 
> I trust that if the person who posts to mutt-users as David Yitzchak
> Cohen cares about avoiding impersonation, he won't give his privkey
> and passphrase to anyone else.  At this point, since I don't foresee
> needing to exchange very sensitive information with Dave, it matters
> very little to me whether the key belongs to a man named D.Y. Cohen,
> or a small child, or an old woman, or whatever.  Therefore, I feel
> quite justified in locally certifying his key with my own, at a trust
> level of 0: "I don't know."  That suffices to kill the warning, and,
> to me, doesn't imply any trust beyond what I'm willing to put forth.
> 
> Of course, your mileage may vary.  (Just don't drive in 1st on the highway.)

Okay, sounds reasonable. Thanks for the long explanation, and it's Aron
with one 'A' BTW :)

Best regards,
Aron Stansvik

--
unemployed

Attachment: pgpepdMV6DiBI.pgp
Description: PGP signature