[kwlug-disc] Generating and using PGP keys

Chris Frey cdfrey at foursquare.net
Thu Feb 19 22:19:38 EST 2009

On Thu, Feb 19, 2009 at 10:07:14PM -0500, R. Brent Clements wrote:
> If I create one key and present its fingerprint to a group of people
> (herein referred to as you guys) to be signed, that would be my "ID"
> key.  Then I can create new keys for specific purposes and sign them
> myself so that, er, by proxy? the trust that you guys have given my
> master key is extended to the new keys?  And the security of that key
> is limited by the trustworthiness of whatever diligence and
> trustworthiness can be ascribed to you guys?


The reason that signing new keys yourself works is that others can then
follow the trail of signatures.  If someone trusts my key, they can
check my signature on your key, and then your sig on your own key, and
be relatively certain it's you.  At least more certain than downloading
some random key off the net and hoping. :-)

The bigger the web of signatures, the easier it is for someone to find a
verification trail to you.

- Chris
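
The signature trail described in the message above, as an added example that is not part of the original post: a search for a chain of signatures from a key the verifier already trusts to a purpose-specific key, plus a count of distinct trails to show why a bigger web helps. All key names and signatures are constructed, and the model assumes every signer on a trail checks identities carefully (real OpenPGP tools also weigh per-key owner trust).

```python
from collections import deque

# Constructed sample data: (signer, signed_key) pairs; all key names are hypothetical.
SIGNATURES = [
    ("alice", "chris"),
    ("chris", "brent-master"),          # Chris signs Brent's "ID" key
    ("brent-master", "brent-master"),   # Brent's self-signature
    ("brent-master", "brent-email"),    # Brent signs his own purpose key
    ("dave", "brent-master"),
    ("alice", "dave"),
    ("mallory", "random-key"),          # no trusted key has signed mallory
]

def build_graph(signatures):
    """Map each signer to the set of keys it has certified."""
    graph = {}
    for signer, signed in signatures:
        if signer != signed:            # a self-signature adds no new hop
            graph.setdefault(signer, set()).add(signed)
    return graph

def find_trail(signatures, trusted, target, max_depth=5):
    """Breadth-first search for the shortest signature trail from a trusted
    key to the target. Returns the keys on the trail, or None if no trail
    of at most max_depth signatures exists (compare gpg --max-cert-depth)."""
    graph = build_graph(signatures)
    queue = deque([[trusted]])
    seen = {trusted}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) > max_depth:       # a path of n keys uses n-1 signatures
            continue
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def count_trails(signatures, trusted, target, max_depth=5):
    """Count distinct loop-free trails; more signatures give more trails."""
    graph = build_graph(signatures)
    def walk(node, visited, depth):
        if node == target or depth == max_depth:
            return int(node == target)
        return sum(walk(n, visited | {n}, depth + 1)
                   for n in graph.get(node, ()) if n not in visited)
    return walk(trusted, {trusted}, 0)
```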

