From owner-freebsd-security Mon Mar 24 10:20:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C1AB37B401 for ; Mon, 24 Mar 2003 10:19:46 -0800 (PST) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6114043F3F for ; Mon, 24 Mar 2003 10:19:45 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id D775F3D; Mon, 24 Mar 2003 12:19:44 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id AD04878C43; Mon, 24 Mar 2003 12:19:44 -0600 (CST) Date: Mon, 24 Mar 2003 12:19:44 -0600 From: "Jacques A. Vidrine" To: Stijn Hoop Cc: Michael Nottebrock , budsz , FreeBSD-Security Subject: Re: About *.asc Message-ID: <20030324181944.GG1911@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Stijn Hoop , Michael Nottebrock , budsz , FreeBSD-Security References: <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> <200303211429.09017.michaelnottebrock@gmx.net> <20030324110909.GH67203@pcwin002.win.tue.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030324110909.GH67203@pcwin002.win.tue.nl> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.3i-ja.1 X-Spam-Status: No, hits=-32.1 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Mar 24, 2003 at 12:09:09PM +0100, Stijn Hoop wrote: > So you're saying that I should (at least locally) sign all keys that I > *know* belong to a person? Yes. If you *know* it belongs to whoever, which you can only know if you got the fingerprint from them in person. > In other words, since it's obviously impractical to have everyone sign > the FreeBSD security officer's key, I should locally sign it to signify > *my* trust in the fact that that key really belongs to the officer? Right. You want to _locally_ sign it, because you are not prepared to certify to everyone else in the world that you *know* it is the security officer key. > I'm just trying to make sure I understand here. Thanks for the clarification. By the way, you may find fun, and it may help you figure out what keys you'd need to import to produce a real trust path to the SO key. Cheers, -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message