Here at Circumvention I've been surprised by the number of people who have been asking me to sign their certificates. For all that the Web of Trust is mostly a broken technology, there are still clearly a lot of people who rely on it. There are also a lot of disconnected, isolated communities of privacy enthusiasts who would like to have some way to communicate in a trusted way with other communities.
They're hoping that Enigmail will be able to help, since we have a
certificate set which is widely trusted within the community. (Set
aside for right now arguments over whether people *should* trust our
certificates without doing face-to-face meet-ups and fingerprint
verifications and everything else; clearly, people *do* trust our
certificates.)
So, if you see my signature on a certificate, here's what it means. I have:
1. Met this person face-to-face
2. Received their fingerprint from them
3. Received their email address from them
4. Seen at least one form of government-issued
identification
5. Verified the email address on their user ID
matches the email address they gave me
6. Verified the fingerprint on their certificate
matches the fingerprint they gave me
Finally, I do not upload certificates to the keyservers without the
certificate owner's permission.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
