Date: Wed, 30 Nov 2005 16:51:30 +0100 From: Christian Brueffer <chris@unixpages.org> To: Alexander Leidinger <netchild@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, Kurt Seifried <listuser@seifried.org> Subject: Re: Reflections on Trusting Trust Message-ID: <20051130155130.GA4632@unixpages.org> In-Reply-To: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net> References: <20051126224530.GD27757@cirb503493.alcatel.com.au> <4389D072.2030502@iang.org> <20051127182116.GA30426@cirb503493.alcatel.com.au> <000e01c5f410$2de67820$1300110a@pooptop> <20051130144343.od5die60gsw4k0k0@netchild.homeip.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Nov 30, 2005 at 02:43:43PM +0100, Alexander Leidinger wrote: > Kurt Seifried <listuser@seifried.org> wrote: > > >should have people upload their keys. On another note I am available > >to sign PGP keys (proving your key/identity is an excercise left to > >the reader =), > > or to the signer... the keys are available in the handbook (either from > www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending > them to the @FreeBSD.org address should put them in to the hands of their > owners (and if not, it doesn't matter, they just don't get your signature on > their key). And AFAIK this is all PGP is supposed to verify, that the person > behind "user@example.tld" is the same as the person with access to the > secret key for this address. Please correct me if I'm wrong and PGP also is > supposed to e.g. verify that the name is the same as on the passport or > whatever way of personal identification is available where the owner of the > key to sign lives). > Well, at least to me it's also about "does the name on the key and the private key owner match?" I wouldn't sign a foreign key without having checked an official document containing a photo first (passport, drivers license etc). - Christian -- Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDjcqCbHYXjKDtmC0RAsGsAJ0fMU6X/rU7gHPFNx9ohwnafcjj+ACffQL0 hcnxr469ot7gAyk7jg4MDIg= =a5qY -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051130155130.GA4632>