oss-sec mailing list archives

Re: Web of trust


From: Solar Designer <solar () openwall com>
Date: Tue, 5 Apr 2011 04:27:12 +0400

On Mon, Apr 04, 2011 at 11:00:42PM +0200, Yves-Alexis Perez wrote:
> ... considering the use of GPG, would it make sense to have at
> least some kind of "web of trust" thing on the involved keys?

Yes.  I've been checking signatures on keys, although I did "have to"
accept a few keys that were not verifiable in this way.  I relied on
other means of verification in those cases.

> That plus
> subscribing the project address when possible could help maintain
> some confidence about where the mail really ends (though that doesn't
> mean it can't be leaked later).

Yes.  With personal addresses, I have to verify that they're
acknowledged as addresses of the person involved with the project.

There's definitely room for improvement here.

Alexander

