NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2003-03

Re: About *.asc

From: Peter Pentchev (roamringlet.net)
Date: Mon Mar 24 2003 - 06:07:02 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 24, 2003 at 12:09:09PM +0100, Stijn Hoop wrote:
> On Fri, Mar 21, 2003 at 02:29:08PM +0100, Michael Nottebrock wrote:
> > On Friday 21 March 2003 09:20, Stijn Hoop wrote:
> > > To tell gpg that you trust that this is the key used by the FreeBSD
> > > officer:
> > >
> > > $ gpg --edit-key security-officerfreebsd.org
> > >
> > > enter 'trust' and then e.g. '4'.
> >
> > Not quite. What you've just told gpg there is that you trust the owner of the
> > key to have an excellent understanding of key signing, and that his signature
> > on a key would be as good as your own.
>
> OK, I didn't know that (evidently).
>
> > The basic expression of trust in pgp is signing / locally signing a key.
>
> So you're saying that I should (at least locally) sign all keys that I
> *know* belong to a person?
>
> In other words, since it's obviously impractical to have everyone sign
> the FreeBSD security officer's key, I should locally sign it to signify
> *my* trust in the fact that that key really belongs to the officer?
>
> I'm just trying to make sure I understand here. Thanks for the clarification.

Basically, yes, but not *all* keys. The basis of PGP's web of trust is
that you sign only a couple of keys that you know belong to people, and
then your PGP software recognizes both those keys *and* keys signed by
those keys, several levels deep, as deep as you configure it. In fact,
you probably need to both sign a key and place your trust on it.

G'luck,
Peter

--
Peter Pentchev roamringlet.net roamsbnd.net roamFreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I've heard that this sentence is a rumor.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+fvTm7Ri2jRYZRVMRAh/7AJ9xb/ZoY4DpyzauuEDi5DsG24gzZQCeO2G7
b3K57KsnEGstLinQnRB4rPM=
=PR6R
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]