Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Mar 2003 12:19:44 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Stijn Hoop <stijn@win.tue.nl>
Cc:        Michael Nottebrock <michaelnottebrock@gmx.net>, budsz <budsz@kumprang.or.id>, FreeBSD-Security <freebsd-security@freebsd.org>
Subject:   Re: About *.asc
Message-ID:  <20030324181944.GG1911@madman.celabo.org>
In-Reply-To: <20030324110909.GH67203@pcwin002.win.tue.nl>
References:  <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> <200303211429.09017.michaelnottebrock@gmx.net> <20030324110909.GH67203@pcwin002.win.tue.nl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 24, 2003 at 12:09:09PM +0100, Stijn Hoop wrote:
> So you're saying that I should (at least locally) sign all keys that I
> *know* belong to a person?

Yes.  If you *know* it belongs to whoever, which you can only know if
you got the fingerprint from them in person.

> In other words, since it's obviously impractical to have everyone sign
> the FreeBSD security officer's key, I should locally sign it to signify
> *my* trust in the fact that that key really belongs to the officer?

Right.  You want to _locally_ sign it, because you are not prepared to
certify to everyone else in the world that you *know* it is the
security officer key.

> I'm just trying to make sure I understand here. Thanks for the clarification.

By the way, you may find
<URL: http://the.earth.li/~noodles/pathfind.html >
fun, and it may help you figure out what keys you'd need to import
to produce a real trust path to the SO key.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030324181944.GG1911>