On 2012-04-17 at 11:15:40 +1000, Fifty Four wrote:
> > So what is "within my web of trust" ?  Well, there's the handful of
> > people who i'm willing to rely on to make claims of identity; people
> > This group is (significantly) smaller than the group of people whose
> > identity (and public key) i believe i know.
> This suggests that at the most you trust 3 people to do identity 
> checks on your behalf - fair enough. Do you believe this to be 
> the norm? I am only asking to gauge the usage of the "web of trust" 
> part of PGP because by far it’s the most confusing part of PGP. 
> Why promote something so confusing that is not widely used? 

PGP also includes the concept of marginal trust: people you 
don't really trust to do identity checks on your behalf, 
but which you accept *as long as they agree with enough other people*.
The default setting is that you need 3 such signatures to 
accept an identity as valid (is this where the number 3 comes from?), 
but you can raise it.

Personally I only have a couple of persons whose signatures 
I fully trust, but I do have significantly more marginally trusted 
keys and 3 of them are enough for casual checks such as 
"is this somewhat controversial email on a public mailing 
list really from who it claims to be?".

If I had to exchange sensitive data with people I couldn't 
meet in person in advance, of course I would require more 
marginal signatures, or possibly just fully trusted ones, 
but that doesn't mean that the lesser trusted signatures are 
totally useless.

Elena ``of Valhalla''
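
The threshold rule described in the message above, as an added example that is not part of the original message and not GnuPG's own code. It is a simplified model: the key ids, the `Policy` class and the `identity_validity` function are hypothetical, signing keys are assumed to be valid themselves, and the two thresholds mirror GnuPG's `--completes-needed` and `--marginals-needed` options.

```python
from dataclasses import dataclass

FULL, MARGINAL = "full", "marginal"  # owner-trust levels assigned by the user

@dataclass(frozen=True)
class Policy:
    completes_needed: int = 1  # fully trusted signatures needed
    marginals_needed: int = 3  # marginally trusted signatures needed

def identity_validity(signers, ownertrust, policy=Policy()):
    """Classify an identity as 'valid', 'partial' or 'unknown'.

    signers:    key ids that certified the identity (assumed to be
                valid keys themselves; depth limits are not modelled)
    ownertrust: dict mapping key id -> FULL or MARGINAL
    """
    unique = set(signers)  # several signatures from one key count once
    full = sum(1 for k in unique if ownertrust.get(k) == FULL)
    marginal = sum(1 for k in unique if ownertrust.get(k) == MARGINAL)
    if full >= policy.completes_needed or marginal >= policy.marginals_needed:
        return "valid"
    if full or marginal:
        return "partial"  # some support, but below the threshold
    return "unknown"

# Constructed sample data: hypothetical key ids, not real keys.
OWNERTRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL,
              "dave": MARGINAL, "erin": MARGINAL}
SIGNERS = ["bob", "carol", "dave", "bob", "mallory"]  # bob signed twice

CASUAL = Policy()                                         # default thresholds
STRICTER = Policy(marginals_needed=4)                     # raised threshold
FULL_ONLY = Policy(marginals_needed=len(OWNERTRUST) + 1)  # marginals never suffice

if __name__ == "__main__":
    for name, pol in [("casual", CASUAL), ("stricter", STRICTER),
                      ("full-only", FULL_ONLY)]:
        print(name, identity_validity(SIGNERS, OWNERTRUST, pol))
```
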
