Reflections on Trusting Trust
Christian Brueffer
chris at unixpages.org
Wed Nov 30 15:51:47 GMT 2005
On Wed, Nov 30, 2005 at 02:43:43PM +0100, Alexander Leidinger wrote:
> Kurt Seifried <listuser at seifried.org> wrote:
>
> >should have people upload their keys. On another note I am available
> >to sign PGP keys (proving your key/identity is an exercise left to
> >the reader =),
>
> or to the signer... the keys are available in the handbook (either from
> www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending
> them to the @FreeBSD.org address should put them into the hands of their
> owners (and if not, it doesn't matter, they just don't get your signature on
> their key). And AFAIK this is all PGP is supposed to verify, that the person
> behind "user at example.tld" is the same as the person with access to the
> secret key for this address. Please correct me if I'm wrong and PGP also is
> supposed to e.g. verify that the name is the same as on the passport or
> whatever way of personal identification is available where the owner of the
> key to sign lives.
>
Well, at least to me it's also about "does the name on the key and the
private key owner match?"
I wouldn't sign a foreign key without having checked an official
document containing a photo first (passport, driver's license etc).
- Christian
--
Christian Brueffer chris at unixpages.org brueffer at FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D