On 2012-04-17 at 11:15:40 +1000, Fifty Four wrote:
> > So what is "within my web of trust" ?  Well, there's the handful of
> > people who i'm willing to rely on to make claims of identity; people
>
> > This group is (significantly) smaller than the group of people whose
> > identity (and public key) i believe i know.
> This suggests that at the most you trust 3 people to do identity
> checks on your behalf - fair enough. Do you believe this to be
> the norm? I am only asking to gauge the usage of the "web of trust"
> part of PGP because by far it’s the most confusing part of PGP.
> Why promote something so confusing that is not widely used?

PGP also includes the concept of marginal trust: people you don't really trust to do identity checks on your behalf, but which you accept *as long as they agree with enough other people*.

The default setting is that you need 3 such signatures to accept an identity as valid (is this where the number 3 comes from?), but you can raise it.

Personally I only have a couple of persons whose signatures I fully trust, but I do have significantly more marginally trusted keys and 3 of them are enough for casual checks such as "is this somewhat controversial email on a public mailing list really from who it claims to be?".

If I had to exchange sensitive data with people I couldn't meet in person in advance of course I would require more marginal signatures, or possibly just fully trusted ones, but that doesn't mean that the lesser trusted signatures are totally useless.

-- 
Elena ``of Valhalla''
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
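
The counting rule discussed in the message above, as an added example that is not part of the original post and not GnuPG's own code: a simplified model in which a key is accepted when it carries enough signatures from fully or marginally trusted signers whose own keys are already valid. The parameter names are borrowed from GnuPG's `--marginals-needed`, `--completes-needed` and `--max-cert-depth` options; the function name and the keyring are constructed for illustration.

```python
# Simplified model of PGP key validity with full and marginal trust.
# Added illustration: not GnuPG's code; the keyring below is constructed.
FULL, MARGINAL = "full", "marginal"

def valid_keys(signatures, ownertrust, me, marginals_needed=3,
               completes_needed=1, max_depth=5):
    """Return {key: depth} for every key whose identity is accepted.

    signatures: {key: set of keys that certified it}
    ownertrust: {key: FULL or MARGINAL}; absent means "not trusted to
                do identity checks", even if the key itself is valid.
    """
    valid = {me: 0}
    for depth in range(1, max_depth + 1):
        newly = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature counts only if the signer's own key is valid.
            counted = [s for s in signers if s in valid]
            full = sum(1 for s in counted if ownertrust.get(s) == FULL)
            marginal = sum(1 for s in counted if ownertrust.get(s) == MARGINAL)
            if (me in counted or full >= completes_needed
                    or marginal >= marginals_needed):
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed keyring: "me" met alice, bob, carol and dave in person.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "erin": {"bob", "carol"},           # two marginal signatures
    "frank": {"bob", "carol", "dave"},  # three marginal signatures
    "grace": {"alice"},                 # one fully trusted signature
    "heidi": {"frank"},                 # frank is valid but not trusted
}
OWNERTRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL,
              "dave": MARGINAL}

if __name__ == "__main__":
    print(sorted(valid_keys(SIGNATURES, OWNERTRUST, "me")))
    print(sorted(valid_keys(SIGNATURES, OWNERTRUST, "me", marginals_needed=4)))
```

Raising `marginals_needed` to 4 drops "frank" from the accepted set while "grace", certified by a fully trusted signer, stays; "heidi" is never accepted because a valid key confers nothing unless its owner is also trusted.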
