-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 11 March 2011 at 1:54:57 PM, in <mid:[email protected]>, Robert J. Hansen wrote: > It is useful to quite a lot of people. Look at how > many people map out webs of trust for entirely innocent > purposes. In fact, mapping out webs of trust is > necessary for the WoT idea to even work. "Well, I've > signed Frank's key and I see that Frank's signed > Gianna's key, and I trust Frank so..." The WoT can be mapped with or without names. In your example, how is your trust enhanced by knowing Gianna's name? "I signed Frank's key and I see that Frank's signed a key that has user ID '7b7581fe6670a6a4a29b2fd46eaf5ac34a6a86d134fe8931729e66970b707349 <466ffe71badce782db1808ee80bd01dabf0d95e4a3b8ccbbe5fcdc68b86c2bb9>', and I trust Frank so..." How does the WoT idea require me to know the names or email addresses associated with the keys in the trust path? The text strings in User IDs do not feature in the trust calculation. >> It's perfectly OK for me that you can see that I have >> signed Ben's key but why should others know that? > Because this is not an ORCON system. The system is > built around public certifications and private > certifications. You're talking about introducing an > entirely new method, something which seems basically > like an ORCON certification: "I'll make the > certification, but I get to control who gets to learn > about the certification." That one sentence quoted in isolation from Hauke could be construed in that way. But take into account the context and it becomes clear that he was saying no such thing. A certification made by a key that had hashed user IDs would be just as visible as any other certification. What would not be visible (at least to people who didn't already know it) is the identity and email address of the certifying key's owner. - -- Best regards MFPA mailto:[email protected] A nod is as good as a wink to a blind bat! -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNe7X4nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pGoQD/jR0 q47WKypv3KVj2prv09mYxLKbYakIPSR4wF57LoEMOg0J3WpD6ceGURsWJX8lovDv ii4VHB3jcGWgupYa0EzsOYGxZviHVWi+TNgblNHEcsUH4+ucIHqoh6nRoyWrOUGD 2C/ojDYkipYM+ISTWq9cSgHv+hiV1EgY8HlOPKf2 =aYPX -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
