[Wolves] PGP

Peter Cannon peter at cannon-linux.freeserve.co.uk
Thu Aug 12 12:46:26 BST 2004 

On Thursday 12 Aug 2004 12:15, The wise and knowledgeable Jon Farmer 
proclaimed:

Right before this degenerates into a slanging match

> Someone would send a stolen or fake passport to misappropriate a digital
> signature.

Lets get real! why the hell would some crook be interested in sending mails to 
this list or you. If I was a villain who had cough up a couple of grand for 
an ID or risked prison by stealing one I'd be buggered if I would waste it on 
some list.

> PGP's web of trust is nothing at all to do with WWW, World Wide Web or
> the internet come to mention it.

I know exactly what you meant by web of trust! but its still the same thing 
you are trusting others over the www or do you send mails by carrier pigeon?

> > The WWW is the best market for malicious evil individuals they can be
> > anyone anywhere and you wouldn't have a clue.
>
> Hence the need for PGP's web of trust.

Your too enamoured with your PGP software take a step back, you create the key 
yourself correct? just because somebody else uses the same software to 
produce their key may make them a member of your web of trust it does not 
mean they are who they say they are period!

> > I thought we promoted OPEN, FREE ideals? this smacks of closed
> > selectiveness, no key, no entrance. Looks like I'll be locked out then,
> > :-)
>
> Not at all. I would respectfully suggest you do not understand what the
> PGP web of trust is or the idea behind key signing parties.

Its OK you don't need to be courteous I think you've lost the gist of the 
conversation the whole premise was actually demonstrating who you said you 
were.

I made the suggestion that if your key/ID came from an official recognised 
body your key/ID would be more trusted than one created yourself even if it 
is with freebie software that any Joe public can download off the net

I, and I'm sure others place no confidence in the fact that a group (your web 
of individuals) all use the same product I'll tell you what I'll get my 
brother to post you a letter but put my name on it. I take it that will mean 
its come from me then?

Having said all that you are CORRECT even a verisign ID is not infallable but 
I still firmly believe verisign is 1000 times better than a home grown 
version. :-) 

-- 

Regards

Peter Cannon

peter at cannon-linux.freeserve.co.uk

"There is every excuse for not knowing!"
"But there is no excuse for not asking!"

More information about the Wolves mailing list