Date: Wed, 30 Nov 2005 16:51:30 +0100
From: Christian Brueffer
To: Alexander Leidinger
Cc: freebsd-security@FreeBSD.org, Kurt Seifried
Subject: Re: Reflections on Trusting Trust
Message-id: <20051130155130.GA4632@unixpages.org>
In-reply-to: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net>

On Wed, Nov 30, 2005 at 02:43:43PM +0100, Alexander Leidinger wrote:
> Kurt Seifried wrote:
>
> >should have people upload their keys. On another note I am available
> >to sign PGP keys (proving your key/identity is an exercise left to
> >the reader =),
>
> or to the signer... the keys are available in the handbook (either from
> www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending
> them to the @FreeBSD.org address should put them into the hands of their
> owners (and if not, it doesn't matter, they just don't get your signature on
> their key). And AFAIK this is all PGP is supposed to verify, that the person
> behind "user@example.tld" is the same as the person with access to the
> secret key for this address. Please correct me if I'm wrong and PGP also is
> supposed to e.g. verify that the name is the same as on the passport or
> whatever way of personal identification is available where the owner of the
> key to sign lives).
>

Well, at least to me it's also about "does the name on the key and the
private key owner match?" I wouldn't sign a foreign key without having
checked an official document containing a photo first (passport, driver's
license etc).

- Christian

-- 
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D