Date: Wed, 30 Nov 2005 16:51:30 +0100 From: Christian Brueffer <chris@unixpages.org> To: Alexander Leidinger <netchild@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, Kurt Seifried <listuser@seifried.org> Subject: Re: Reflections on Trusting Trust Message-ID: <20051130155130.GA4632@unixpages.org> In-Reply-To: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net> References: <20051126224530.GD27757@cirb503493.alcatel.com.au> <4389D072.2030502@iang.org> <20051127182116.GA30426@cirb503493.alcatel.com.au> <000e01c5f410$2de67820$1300110a@pooptop> <20051130144343.od5die60gsw4k0k0@netchild.homeip.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 30, 2005 at 02:43:43PM +0100, Alexander Leidinger wrote: > Kurt Seifried <listuser@seifried.org> wrote: >=20 > >should have people upload their keys. On another note I am available=20 > >to sign PGP keys (proving your key/identity is an excercise left to=20 > >the reader =3D), >=20 > or to the signer... the keys are available in the handbook (either from > www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending > them to the @FreeBSD.org address should put them in to the hands of their > owners (and if not, it doesn't matter, they just don't get your signature= on > their key). And AFAIK this is all PGP is supposed to verify, that the per= son > behind "user@example.tld" is the same as the person with access to the > secret key for this address. Please correct me if I'm wrong and PGP also = is > supposed to e.g. verify that the name is the same as on the passport or > whatever way of personal identification is available where the owner of t= he > key to sign lives). >=20 Well, at least to me it's also about "does the name on the key and the private key owner match?" I wouldn't sign a foreign key without having checked an official document containing a photo first (passport, drivers license etc). - Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDjcqCbHYXjKDtmC0RAsGsAJ0fMU6X/rU7gHPFNx9ohwnafcjj+ACffQL0 hcnxr469ot7gAyk7jg4MDIg= =a5qY -----END PGP SIGNATURE----- --qMm9M+Fa2AknHoGS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051130155130.GA4632>