[Wolves] PGP

sparkes sparkes at westmids.biz
Thu Aug 12 16:10:20 BST 2004 

Peter Cannon wrote:

>On Thursday 12 Aug 2004 13:19, The wise and knowledgeable fizzy proclaimed:
>
>  
>
>>The web of trust works by me saying I am who I am.
>>Then sparkes saying, yup he is who he is.  If you want
>>to check I am who I say I am you follow the path...
>>"oh, if sparkes says who he is he /must/ be who he
>>is".
>>    
>>
>
>A bit thin don't you think? 
>
That's the way it works.  I trust fizzy.  I know who he is and I have 
seen his id that confirms he is who he says he is.  So I sign his key.  
I now trust fizzy because I can check the validity of his emails based 
on the encrypted signature.

Now you know me.  You check that I am who I say I am and you sign my key 
and I yours.  Now we trust each other.  I can trust your mails based on 
your signature and you can trust mine.  Because I trust fizzy and you 
trust me you can choose to trust fizzy also.

<weather forcast="fecking hell" />

just seen the largest hail stones in my life!

>look at the bigger picture. The concept of you 
>sending me a PGP mail is fine I don't know you I've not met you but I know 
>your a member of this list so on that basis and that basis alone I trust your 
>mails.
>
>  
>
you trust to a certain extent but you wouldn't trust this connection to 
give fizzy information about your private life like a message to a 
doctor ;-)  For that you would want a little bit of that magical trust 
thing.

>However in the big bad world its a different kettle of fish.
>
>This is the point thats being missed, everyone is thinking in terms of the 
>list rather than globally infact we do not need PGP because if I follow the 
>ethos of web of trust we already have that by way of communication with each 
>other via the list eg. wolvs-lug is our ID/key (Know theres a thought)
>
>  
>
the lug performs as a basic web of trust but (as jon said) it could 
perform a greater part in a web of trust by having a key signing get 
together.  I know Rob G from SB lug collected a lot of keys when ESR 
failed to turn up so when we sign each other if someone went over to SB 
lug we would extend our reach somewhat.

>>Of course, this method too is pretty breakable, unless
>>sparkes has seen my passport etc does he actually know
>>I am who I say I am?
>>
>>But at least the second method is free :)
>>    
>>
>
>I like free but thats the problem because its free everyones got it and 
>everyone thinks they should use it.
>
>  
>
I don't think everyone should use it for every mail but it makes sense 
when trust becomes an issue.  Someone on this list forwarded some 
business mail to me from a third party today, but luckily I know the 
parties involved so It offers a little bit more trust but it could have 
been a fourth party with knowledge of the arrangement who wanted to 
distrupt the third parties business or effect my and the other persons 
relationships with them.

sparkes

More information about the Wolves mailing list