[Freedombox-discuss] Web of Trust Questions
John Walsh
fiftyfour at waldevin.com
Tue Dec 13 08:27:20 UTC 2011
Hi Everybody,
In the web of trust (WOT), I can create my own identity/key as opposed to a
Certificate Authority managing my identity/key. I could bring my key to a
key signing party with proof of identity. Let's say Fred was at the key
signing party, he checks my proof of identity and signs my key. My signed
key is uploaded to a key server creating a chain of trust with Fred and the
people who have signed Fred's key etc.
If I go to Bob's website (WOT cert), Bob checks my credentials through the
web of trust, i.e. only if there is a chain of trust between Bob's key and
my key will Bob grant me access to his site, otherwise I will be refused
access. Presumably, at the same time my browser will check there is a chain
of trust between my key and Bob's key and if there is no chain of trust I
will get a warning message, otherwise I will proceed as normal.
The web of trust is not really a web of trust, but a network of identity
checks, which is similar to Certificate Authorities. Firefox is loaded with
CA's Mozilla trusts, but I don't know them from Adam, so there is no real
reason I should trust them. Now, I would prefer to choose my own trust
authorities, who wouldn't necessarily be everybody who has signed my key.
For example, I wouldn't like my key to follow a chain of trust starting with
the black sheep in my family because you can't choose your family
So, does the WOT follow a chain of trust of ALWAYS using everybody who has
signed my key or can I choose my own trust authorities/anchors?
Firefox's options allow you to import certificates. Can I add my own "web of
trust authorities/certificates" to Firefox, which would have priority over
Mozilla's chosen CA's? Please also confirm that I just import the
certificates from key servers of those I trust.
Kind Regards
fiftyfour
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20111213/078efa2a/attachment-0001.html>
More information about the Freedombox-discuss
mailing list