From owner-freebsd-security Mon Mar 24 4: 9: 1 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA20837B401 for ; Mon, 24 Mar 2003 04:08:57 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id D7A8C43FB1 for ; Mon, 24 Mar 2003 04:08:55 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 15253 invoked from network); 24 Mar 2003 12:04:09 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 24 Mar 2003 12:04:09 -0000 Received: (qmail 9289 invoked by uid 1000); 24 Mar 2003 12:07:02 -0000 Date: Mon, 24 Mar 2003 14:07:02 +0200 From: Peter Pentchev To: Stijn Hoop Cc: Michael Nottebrock , budsz , FreeBSD-Security Subject: Re: About *.asc Message-ID: <20030324120702.GC615@straylight.oblivion.bg> Mail-Followup-To: Stijn Hoop , Michael Nottebrock , budsz , FreeBSD-Security References: <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> <200303211429.09017.michaelnottebrock@gmx.net> <20030324110909.GH67203@pcwin002.win.tue.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vEao7xgI/oilGqZ+" Content-Disposition: inline In-Reply-To: <20030324110909.GH67203@pcwin002.win.tue.nl> User-Agent: Mutt/1.5.4i X-Spam-Status: No, hits=-38.8 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,PGP_SIGNATURE_2, QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --vEao7xgI/oilGqZ+ Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 24, 2003 at 12:09:09PM +0100, Stijn Hoop wrote: > On Fri, Mar 21, 2003 at 02:29:08PM +0100, Michael Nottebrock wrote: > > On Friday 21 March 2003 09:20, Stijn Hoop wrote: > > > To tell gpg that you trust that this is the key used by the FreeBSD > > > officer: > > > > > > $ gpg --edit-key security-officer@freebsd.org > > > > > > enter 'trust' and then e.g. '4'. > >=20 > > Not quite. What you've just told gpg there is that you trust the owner = of the=20 > > key to have an excellent understanding of key signing, and that his sig= nature=20 > > on a key would be as good as your own. >=20 > OK, I didn't know that (evidently). >=20 > > The basic expression of trust in pgp is signing / locally signing a key. >=20 > So you're saying that I should (at least locally) sign all keys that I > *know* belong to a person? >=20 > In other words, since it's obviously impractical to have everyone sign > the FreeBSD security officer's key, I should locally sign it to signify > *my* trust in the fact that that key really belongs to the officer? >=20 > I'm just trying to make sure I understand here. Thanks for the clarificat= ion. Basically, yes, but not *all* keys. The basis of PGP's web of trust is that you sign only a couple of keys that you know belong to people, and then your PGP software recognizes both those keys *and* keys signed by those keys, several levels deep, as deep as you configure it. In fact, you probably need to both sign a key and place your trust on it. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I've heard that this sentence is a rumor. --vEao7xgI/oilGqZ+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+fvTm7Ri2jRYZRVMRAh/7AJ9xb/ZoY4DpyzauuEDi5DsG24gzZQCeO2G7 b3K57KsnEGstLinQnRB4rPM= =PR6R -----END PGP SIGNATURE----- --vEao7xgI/oilGqZ+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message