[Freedombox-discuss] Relationship driven privacy
The Doctor
drwho at virtadpt.net
Thu Jul 7 18:36:43 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/06/2011 02:43 PM, Tony Godshall wrote:
> anonymous. But I don't see why, if you've
> verified a claimed identity in some other
> reasonable sense you cannot sign someone's
> key even if its pseudonymous.
You can sign a pseudanonymous key and publish it. What you have to be
cognizant of, however, is the trust level of the pseudanonymous key (set
when the public key is signed), which ranges from 0 (no trust at all) to
5 (trust fully). That metric goes into the list of signatures a public
key has picked up, and can make the difference between software using a
key, using the wrong key, or not using the right key. It also can make
the difference between people actively encrypting stuff to that public
key ("I know that key really belongs to J. Random Activist because the
following six dozen people I have some trust in know that the keypair
belongs to a fellow activist.") and avoiding contact with that user
("Not many people trust that this public key really belongs to J. Random
Activist; maybe it belongs to an impostor. I won't trust that key or
use it to contact that person.")
http://www.gnupg.org/gph/en/manual.html#AEN346
- --
The Doctor [412/724/301/703]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: http://drwho.virtadpt.net/
Anger is always the shortest distance to a mistake.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4V/LsACgkQO9j/K4B7F8HguQCdG5vNNArGR52JJX1sICspksTb
5xcAoPG+QMJ9Q33SI5ejm73xwiil+XYc
=rWx5
-----END PGP SIGNATURE-----
More information about the Freedombox-discuss
mailing list