[kwlug-disc] Generating and using PGP keys

unsolicited unsolicited at swiz.ca
Fri Feb 20 00:59:05 EST 2009


Consider http://en.wikipedia.org/wiki/Web_of_trust.

I certainly don't have my head around this stuff. Ward has a handle on 
it. Perhaps he'll offer his US$0.02?

Chris Frey wrote, On 02/19/2009 10:19 PM:
> On Thu, Feb 19, 2009 at 10:07:14PM -0500, R. Brent Clements wrote:
>> If I create one key and present its fingerprint to a group of people
>> (herein referred to as you guys) to be signed, that would be my "ID"
>> key.  Then I can create new keys for specific purposes and sign them
>> myself so that, er, by proxy? the trust that you guys have given my
>> master key is extended to the new keys?  And the security of that key
>> is limited by the trustworthiness of whatever diligence and
>> trustworthiness can be ascribed to you guys?
> 
> Yep.
> 
> The reason that signing new keys yourself works, is that others can then
> follow the trail of signatures.  If someone trusts my key, they can
> check my signature on your key, and then your sig on your own key, and
> be relatively certain it's you.  At least more certain than downloading
> some random key off the net and hoping. :-)
> 
> The bigger the web of signatures, the easier it is for someone to find a
> verification trail to you.



More information about the kwlug-disc_kwlug.org mailing list