| pinkee on Wed, 17 Apr 2002 20:28:45 -0400 |
|
On Wed, Apr 17, 2002 at 08:09:57PM -0400, Michael Leone wrote: > On Wed, 2002-04-17 at 19:40, gabriel rosenkoetter wrote: > > On Wed, Apr 17, 2002 at 06:39:31PM -0400, Michael Leone wrote: > > > All participants have to have copies of everyone involved's fingerprint; > > > it's just easier to funnel them to a central person, who then makes > > > enough printouts for all participants to look at. > > > > Um, but if I blindly trust that the printout that Darxus gives me > > matches what I'd get out of gpg --fingerprint for that key ID and > > sign the key, I've misplaced my trust. > > Why? Isn't that a sign that you trust Darxus? And you do, don't you, > since you've signed his key? A) If it is someones first key signing, they *haven't* signed Darxus' key. B) As far as I know Darxus has the *least* trustworthy of the keys. He doesn't have id that says Darxus, and he doesn't have anything on his key that matches his id. The closest thing we have is his liscence plate. :) C) If someone sent Darxus a key that was invalid and you signed it cause it was on Darxus paper, you signed a bad key. pinkee -- www.cavegirl.org www.mydarlingchild.com "He's kind of shy, but thats the kind of girl I am, he's my kind of guy...I want to be haunted by the ghost of your precious love. ... And now I know I never ever want to be without you." Sinead O'Connor and The Pogues Attachment:
pgpuwsL05xgXI.pgp
|
|