Hi, On Mon, 2005-08-22 at 22:10 +0530, Jaybrata Bhattacharyya wrote: > we can build a web of trust at the mailing list level. at least we know > that the email addresses are valid and belong to those who post to this > list. so why not start a list level key signing part now?
Sorry to be a party pooper! but what you are suggesting has an inherent fallacy... you are right that the email addresses used to post are valid (as in working email addresses) but that does not really prove that people behind the email ids are actually who they claim to be (thats a very basic requirement for any web-of-trust scenario) A certain protocol is needed to be *strictly* observed at key-signing party. Please go through this rather long post from ILUG-Delhi m/l archives. http://www.mail-archive.com/[email protected]/msg00279.html [FWIW, Raju *is* a nationally recognised security expert and had hosted quite a few key signing parties for ILUG-Delhi.] cheers, -indra. > - -- > jaybrata -- L2C2 Technologies -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [ Innovations that make a Difference ] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Email : [EMAIL PROTECTED] Phone : (0)-98300-20971 WWW : http://www.l2c2.org -- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/node.php?id=3
