Date: Mon, 24 Mar 2003 12:19:44 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Stijn Hoop <stijn@win.tue.nl> Cc: Michael Nottebrock <michaelnottebrock@gmx.net>, budsz <budsz@kumprang.or.id>, FreeBSD-Security <freebsd-security@freebsd.org> Subject: Re: About *.asc Message-ID: <20030324181944.GG1911@madman.celabo.org> In-Reply-To: <20030324110909.GH67203@pcwin002.win.tue.nl> References: <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> <200303211429.09017.michaelnottebrock@gmx.net> <20030324110909.GH67203@pcwin002.win.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 24, 2003 at 12:09:09PM +0100, Stijn Hoop wrote: > So you're saying that I should (at least locally) sign all keys that I > *know* belong to a person? Yes. If you *know* it belongs to whoever, which you can only know if you got the fingerprint from them in person. > In other words, since it's obviously impractical to have everyone sign > the FreeBSD security officer's key, I should locally sign it to signify > *my* trust in the fact that that key really belongs to the officer? Right. You want to _locally_ sign it, because you are not prepared to certify to everyone else in the world that you *know* it is the security officer key. > I'm just trying to make sure I understand here. Thanks for the clarification. By the way, you may find <URL: http://the.earth.li/~noodles/pathfind.html > fun, and it may help you figure out what keys you'd need to import to produce a real trust path to the SO key. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030324181944.GG1911>