
Re: ADMIN: proposed new policy on the mailing list



> Here's one: How do you verify a signature for an anonymous,
> first time poster?

You don't try -- what would it mean?  You accept the provided public
key, and use it to check the continuity of the pseudonym.

> How do we prevent people from registering a key in
> someone else's name??? It's beyond me.

The list, to check signatures, has to have a trusted key from
each nym.  But there are different sorts of trust.  One might
certify that a given key belongs to a known real-world meat
machine.  Or one might certify only that it corresponds to the
legitimate user of a given net address.  In theory, one could
even certify that the key holder was not forced to hand a copy
over to the NSA, or make whatever other guarantees one chooses.
I think the trusting of keys should be left to individuals, who
may have different ideas of what it means for them to accept
a given signature.

In PGP's "web of trust" model, is there a general consensus on what
it means to sign someone's key?

> Wonderer

   Eli   [email protected]
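
The key-continuity check described in the reply above, as an added example that is not part of the original post or of any list software. It assumes a hypothetical `NymRegistry` that pins whatever key a nym first posts with; toy RSA over fixed primes stands in for PGP signatures so the block runs offline, and the nym name and keys are constructed.

```python
import hashlib

# Toy RSA over fixed Mersenne primes stands in for PGP signatures so this
# runs offline. It is NOT secure; only the continuity logic is the point.
def make_key(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent (Python 3.8+)
    return (n, e), (n, d)                  # (public, private)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

class NymRegistry:
    """Pins the key a nym first posts with. Certifies nothing about who
    holds the key, only that later posts come from the same key."""
    def __init__(self):
        self.pinned = {}

    def check_post(self, nym, pub, msg, sig):
        if not verify(pub, msg, sig):
            return "reject: bad signature"
        known = self.pinned.get(nym)
        if known is None:
            self.pinned[nym] = pub         # first post: accept the offered key
            return "accept: new nym, key pinned"
        if known != pub:
            return "reject: key differs from pinned key"
        return "accept: continuity verified"

# Constructed sample keys (hypothetical posters, not from the thread).
NYM_PUB, NYM_PRIV = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**107 - 1, 2**127 - 1)

def demo():
    reg = NymRegistry()
    return [
        reg.check_post("nym-a", NYM_PUB, b"hello", sign(NYM_PRIV, b"hello")),
        reg.check_post("nym-a", NYM_PUB, b"again", sign(NYM_PRIV, b"again")),
        reg.check_post("nym-a", OTHER_PUB, b"me too", sign(OTHER_PRIV, b"me too")),
        reg.check_post("nym-a", NYM_PUB, b"forged", sign(OTHER_PRIV, b"forged")),
    ]
```

The first post under a name is accepted with whatever key it offers, so the registry says nothing about real-world identity; it only rejects later posts under that name that do not verify against the pinned key.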