sparkes at westmids.biz
Thu Aug 12 16:10:20 BST 2004
Peter Cannon wrote:
>On Thursday 12 Aug 2004 13:19, The wise and knowledgeable fizzy proclaimed:
>>The web of trust works by me saying I am who I am.
>>Then sparkes saying, yup he is who he is. If you want
>>to check I am who I say I am you follow the path...
>>"oh, if sparkes says who he is he /must/ be who he
>A bit thin don't you think?
That's the way it works. I trust fizzy. I know who he is and I have
seen his id that confirms he is who he says he is. So I sign his key.
I now trust fizzy because I can check the validity of his emails based
on the encrypted signature.
Now you know me. You check that I am who I say I am and you sign my key
and I yours. Now we trust each other. I can trust your mails based on
your signature and you can trust mine. Because I trust fizzy and you
trust me you can choose to trust fizzy also.
<weather forcast="fecking hell" />
just seen the largest hail stones in my life!
>look at the bigger picture. The concept of you
>sending me a PGP mail is fine I don't know you I've not met you but I know
>your a member of this list so on that basis and that basis alone I trust your
you trust to a certain extent but you wouldn't trust this connection to
give fizzy information about your private life like a message to a
doctor ;-) For that you would want a little bit of that magical trust
>However in the big bad world its a different kettle of fish.
>This is the point thats being missed, everyone is thinking in terms of the
>list rather than globally infact we do not need PGP because if I follow the
>ethos of web of trust we already have that by way of communication with each
>other via the list eg. wolvs-lug is our ID/key (Know theres a thought)
the lug performs as a basic web of trust but (as jon said) it could
perform a greater part in a web of trust by having a key signing get
together. I know Rob G from SB lug collected a lot of keys when ESR
failed to turn up so when we sign each other if someone went over to SB
lug we would extend our reach somewhat.
>>Of course, this method too is pretty breakable, unless
>>sparkes has seen my passport etc does he actually know
>>I am who I say I am?
>>But at least the second method is free :)
>I like free but thats the problem because its free everyones got it and
>everyone thinks they should use it.
I don't think everyone should use it for every mail but it makes sense
when trust becomes an issue. Someone on this list forwarded some
business mail to me from a third party today, but luckily I know the
parties involved so It offers a little bit more trust but it could have
been a fourth party with knowledge of the arrangement who wanted to
distrupt the third parties business or effect my and the other persons
relationships with them.
More information about the Wolves