Re: About PGP Signing a File.

---

• From: Tony Arnold <tony.arnold@xxxxxxxxxxxxxxxx>
• Date: Tue, 13 Feb 2007 08:00:25 +0000

---

John L Fjellstad wrote:

Tony Arnold <tony.arnold@xxxxxxxxxxxxxxxx> writes:

It therefore becomes a question of degrees of trust. A document that has
been signed with a key that has also been signed by a number of people
increases that degree of trust, but as you say does not guarantee
authorship. A signature based on a key that has not been signed by
anybody is much less trustworthy.

I don't see how the number of people signing a key makes it more
trustworthy unless you know at least one of the person who signed (and
then you only actually need that one person's signing). A bad guy could
just generate a bunch of new keys to sign the one key you are looking
at.

Indeed that is true. In fact a really bad guy could generate a whole
load of fake keys and use them to sign his own, which is why I siad it
wasn't guaranteed.

But on probability grounds a key signed by multiple people is likely to
be more trustworthy than a totally unsigned key.

And if it's signed by someone you know or someone you can trust, then
even better.

Phil Zimmerman, who invented PGP, used to sign keys at conventions etc
or wherever he was appearing and I think you had to produce your
passport before he would sign it. So, a key signed by Phil is likely top
be reasonably trustworthy!

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold@xxxxxxxxxxxxxxxx, H: http://www.man.ac.uk/Tony.Arnold

--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

---

• Follow-Ups:
  • Re: About PGP Signing a File.
    • From: Jeffrey F. Bloss

• References:
  • About PGP Signing a File.
    • From: Joel Bryan Juliano
  • Re: About PGP Signing a File.
    • From: Matthew Flaschen
  • Re: About PGP Signing a File.
    • From: John Dangler
  • Re: About PGP Signing a File.
    • From: Tony Arnold
  • Re: About PGP Signing a File.
    • From: Jeffrey F. Bloss
  • Re: About PGP Signing a File.
    • From: Tony Arnold
  • Re: About PGP Signing a File.
    • From: John L Fjellstad

• Prev by Date: Re: About PGP Signing a File.
• Next by Date: Re: About PGP Signing a File.
• Previous by thread: Re: About PGP Signing a File.
• Next by thread: Re: About PGP Signing a File.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Effects of Magic ... fire mage is a big deal, ... kept secret, then she blabs to the first person she has ... tell secrets to people who aren't trustworthy. ... don't think Ellen's trust is impossible. ... (rec.arts.sf.composition) Re: this thanksgiving ... most hated and worldly despised president in US history. ... If electing someone to a position of trust made them ... trustworthy, we could apply the same "logic" and crimes would stop ... (alt.gathering.rainbow) Re: Taxi drivers ... kept mumbling what I took to be obscenities in his own ... language. ... Lovely people, just not trustworthy. ... OK -- trust but verify, ... (alt.usage.english) Re: About PGP Signing a File. ... anybody is much less trustworthy. ... I don't see how the number of people signing a key makes it more ... trust you put on a key depends on the security organization you are in. ... (Ubuntu)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > Ubuntu  > 2007-02