oss-sec mailing list archives
Re: Web of trust
From: Solar Designer <solar () openwall com>
Date: Tue, 5 Apr 2011 04:27:12 +0400
On Mon, Apr 04, 2011 at 11:00:42PM +0200, Yves-Alexis Perez wrote:
... considering the use of GPG, would it make sense to have at least some kind of ???web of trust??? thing on the involved keys?
Yes. I've been checking signatures on keys, although I did "have to" accept a few keys that were not verifiable in this way. I relied on other means of verification in those cases.
That plus subscribing the project address when possible could help maintaining some confidence about where the mail really ends (though that doesn't mean it can't be leaked later).
Yes. With personal addresses, I have to verify that they're acknowledged as addresses of the person involved with the project. There's definitely room for improvement here. Alexander
Current thread:
- Re: Closed list, (continued)
- Re: Closed list Mark J Cox (Apr 04)
- Re: Closed list Marcus Meissner (Apr 04)
- Re: Closed list Marc Deslauriers (Apr 04)
- Re: Closed list Jamie Strandboge (Apr 05)
- Re: Closed list Solar Designer (Apr 05)
- Re: Closed list Nico Golde (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Nico Golde (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Web of trust Yves-Alexis Perez (Apr 04)
- Re: Web of trust Solar Designer (Apr 04)
- Re: Closed list Josh Bressers (Apr 03)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Solar Designer (Apr 04)