[Freedombox-discuss] Santiago Verifying Requests
Elena ``of Valhalla''
elena.valhalla at gmail.com
Tue Apr 17 10:10:48 UTC 2012
On 2012-04-17 at 11:15:40 +1000, Fifty Four wrote:
> > So what is "within my web of trust" ? Well, there's the handful of
> > people who i'm willing to rely on to make claims of identity; people
>
> > This group is (significantly) smaller than the group of people whose
> > identity (and public key) i believe i know.
> This suggests that at the most you trust 3 people to do identity
> checks on your behalf - fair enough. Do you believe this to be
> the norm? I am only asking to gauge the usage of the "web of trust"
> part of PGP because by far it’s the most confusing part of PGP.
> Why promote something so confusing that is not widely used?
PGP also includes the concept of marginal trust: people you
don't really trust to do identity checks on your behalf,
but which you accept *as long as they agree with enough other people*.
The default setting is that you need 3 such signatures to
accept an identity as valid (is this where the number 3 comes from?),
but you can raise it.
Personally I only have a couple of persons whose signatures
I fully trust, but I do have significantly more marginally trusted
keys and 3 of them are enough for casual checks such as
"is this somewhat controversial email on a public mailing
list really from who it claims to be?".
If I had to exchange sensitive data with people I couldn't
meet in person in advance of course I would require more
marginal signatures, or possibly just fully trusted ones,
but that doesn't mean that the lesser trusted signatures are
totally useless.
--
Elena ``of Valhalla''
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120417/856bdea2/attachment-0001.pgp>
More information about the Freedombox-discuss
mailing list