David Shaw on 7 Feb 2004 03:22:02 -0000
On Thu, Feb 05, 2004 at 11:39:29PM -0500, gabriel rosenkoetter wrote:
> Summed up well in Jörgen Cederlöf's signing policy:
>
> http://www.lysator.liu.se/~jc/signing-policy.html

This is a fairly standard policy. I do something similar. There is a weakness in the protocol, but it's questionable how serious it is. His requirement that he is already connected to someone before he signs their key is a little odd, but that's his privilege.

With regards to this nonsense though:

   If I have had contact with someone through signed or encrypted e-mail over a time long enough to rule out at least temporary man-in-the-middle attacks, and I have verified the key with a key downloaded from his/her personal web page, or signed emails/fingerprints on public mailing lists, but I have not met the person or verified the key in any other way, I may sign the key with cert check level one.

I'll spare you all a rant on the subject, and content myself with parsing the above statement: "I may sign keys when I have not met the person or verified the key."

This is a dreadful, dreadful idea. Remember that the check level numbers are for human reading - the computer, when building the web of trust, treats all signatures the same. His unchecked signatures, made without any verification at all, carry the same weight as signatures where people actually bothered to do it right.

There goes the web of trust. People who do this get an automatic "never trust" in my trustdb.

David
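The check levels discussed in the message above are stored in each certification as OpenPGP signature types 0x10 to 0x13. The following is an added example, not part of the original message: it tallies check levels per signer from `gpg --with-colons --list-sigs` output, so that signers who issue level-one certifications can be found on a keyring. It assumes the record layout documented in GnuPG's doc/DETAILS (signature class in field 11); all key IDs and names in the sample are constructed.

```python
from collections import defaultdict

# OpenPGP certification signature types and the gpg check level each maps to.
CERT_LEVELS = {0x10: 0, 0x11: 1, 0x12: 2, 0x13: 3}

# Constructed sample in the `gpg --with-colons --list-sigs` record layout
# (key IDs, dates and names are made up for this example).
SAMPLE = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:1075000000:::-:::scESC:
uid:f::::1075000000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1075000000::::Alice Example <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1075100000::::Bob Example <bob@example.org>:11x:
sig:::1:CCCCCCCCCCCCCCCC:1075200000::::Carol Example <carol@example.org>:13x:
pub:f:2048:1:DDDDDDDDDDDDDDDD:1075000000:::-:::scESC:
uid:f::::1075000000::0000000000000000000000000000000000000002::Dave Example <dave@example.org>:
sig:::1:DDDDDDDDDDDDDDDD:1075000000::::Dave Example <dave@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1075300000::::Bob Example <bob@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:1075400000::::Carol Example <carol@example.org>:12l:
"""

def tally_cert_levels(colon_output):
    """Return {signer_keyid: {level: count}} for third-party certifications."""
    tally = defaultdict(lambda: defaultdict(int))
    current_key = None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current_key = f[4]          # key whose user IDs are being certified
        elif f[0] == "sig" and len(f) > 10 and len(f[10]) >= 2:
            sig_type = int(f[10][:2], 16)   # "11x" -> 0x11; x/l = exportable/local
            signer = f[4]
            # Skip self-signatures and non-certification signature types.
            if signer == current_key or sig_type not in CERT_LEVELS:
                continue
            tally[signer][CERT_LEVELS[sig_type]] += 1
    return {k: dict(v) for k, v in tally.items()}

def signers_using_level(tally, level=1):
    """Key IDs that issued at least one certification at the given level."""
    return sorted(k for k, levels in tally.items() if levels.get(level))

if __name__ == "__main__":
    result = tally_cert_levels(SAMPLE)
    for signer, levels in sorted(result.items()):
        print(signer, levels)
    print("level-1 signers:", signers_using_level(result))
```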