> >
> > That isn't how the web of trust works.  Well, it *can* work that way
> > for you, since you can choose who to trust and who not to, but that's
> > not the information encoded in there.  I "know" dozens of people on the
> > net.  I've exchanged encrypted mail with them, I've worked with them, in
> > some cases for years... and I've never met them in person.  For all I
> > know, they're actually a group of people sharing the same email address
> > and using a name that looks like a real one, and not obviously
> > pseudonymous like MFPA.
> >
> > Think about what it really means in the web of trust when you see a
> > signature.  The signature only maps back to a real person indirectly.
> >
> > David
> >
Good points all.  Here's what I'm thinking.  Imagine I trace a path on the
web of trust, like with those pgp pathfinders out there.

Example one:

me ->
us...@example.org ->
us...@example.org ->
us...@example.org ->
you

Now not that it's practical, but I could trace through that.  user1 -
he's an old college buddy.  I ask him how he knows user2.  He's been
sitting in the next cube over from user1 for twenty years.  I ask user2
how he knows user3.  Key-signing party.  A passport and a driver's
license.  I ask user3 how he knows you.  We've been working on some open
source project for years.  I could, not that it's practical to do,
perform additional verification of all of these claims.

Example 2:

me ->
us...@example.org ->
us...@example.org ->
a...@b.c ->
you

User1 same story.  College buddies.  User2.  Same story.  They work
together.  I ask user2 how he knows a...@b.c.  He responds that he's not
allowed to disclose the info for privacy concerns.  I ask you how you
know a...@b.c.  You give the same response.  Can't contact a...@b.c to ask who
he is because it's not a real email.

I would argue that those two examples have much different levels of
indirectness, since I can't conceivably verify the chain in example 2.




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
