Patrick O'Callaghan wrote:
Slightly OT, but what the hell: we should realize that trusting keys
isn't the same as trusting people. Trust as applied to PGP/GPG keys
means "I believe this key belongs to this person (e.g. because the
person physically gave me the public key and demonstrated that he
could sign things with the corresponding private one)". It does
*not* mean "I trust this person not to lie to me or do evil with the
information I send him". It's unfortunate that the web-of-trust
notion has taken on a semantic overlay that doesn't fit, due in
large part to the unfortunate choice of terminology.

A good point. In a few talks I've given on OpenPGP, I tried to make
the distinction that validity is for keys, and trust is for people.
And that this trust is (sort of like you say) in the sense of "I trust
this person to properly validate keys" and not in the "I trust this
person is a completely decent human." :)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I believe in the noble, aristocratic art of doing absolutely nothing.
And someday, I hope to be in a position where I can do even less.
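
The validity/trust distinction discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the classic web-of-trust calculation, in which ownertrust (how much you rely on a person to validate keys) and validity (whether a key is believed to belong to its owner) are separate attributes. It assumes GnuPG's documented default thresholds (1 fully trusted or 3 marginally trusted signers) and ignores certification depth, expiry and revocation; the key names and the keyring are constructed.

```python
# Simplified model of the classic web-of-trust calculation (added example).
# Thresholds follow GnuPG's documented defaults: 1 full or 3 marginal signers.
FULL, MARGINAL, NONE, ULTIMATE = "full", "marginal", "none", "ultimate"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3

def compute_validity(ownertrust, signatures):
    """ownertrust: key -> trust in that owner as a certifier.
    signatures: key -> set of keys that certified it.
    Returns the set of keys considered valid."""
    # Keys with ultimate ownertrust (your own) are valid by definition.
    valid = {k for k, t in ownertrust.items() if t == ULTIMATE}
    changed = True
    while changed:
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Only signatures from keys that are themselves valid count,
            # weighted by how much we trust the signer to check identities.
            counted = [ownertrust.get(s, NONE) for s in signers if s in valid]
            full = sum(t in (FULL, ULTIMATE) for t in counted)
            marginal = counted.count(MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid

# Constructed sample keyring: names are hypothetical.
OWNERTRUST = {"me": ULTIMATE, "alice": FULL, "bob": NONE}
SIGNATURES = {
    "alice": {"me"},     # I checked Alice's key myself
    "bob": {"me"},       # I checked Bob's key myself
    "carol": {"alice"},  # certified only by Alice
    "dave": {"bob"},     # certified only by Bob
}

if __name__ == "__main__":
    valid = compute_validity(OWNERTRUST, SIGNATURES)
    for key in sorted(SIGNATURES):
        print(key, "valid" if key in valid else "not valid",
              "ownertrust=" + OWNERTRUST.get(key, NONE))
```

Bob's key is valid because it was checked directly, yet Dave's key stays invalid: Bob has no ownertrust, so his certifications carry no weight.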