Web of Trust (a revolution)
"Stanisław T. Findeisen"
sf181257 at students.mimuw.edu.pl
Wed Apr 1 11:56:42 UTC 2009
Todd Zullinger wrote:
> $ gpg --list-options 'show-policy-urls' --list-sigs silfreed
> pub 1024D/ED00D312 2000-06-21
> uid Douglas E. Warner <silfreed at ...>
> sig 3 ED00D312 2005-11-02 Douglas E. Warner <silfreed at ...>
> sig 2 P BEAF0CE3 2006-08-07 Todd M. Zullinger <tmz at ...>
> Signature policy: http://www.pobox.com/~tmz/pgp/cert-policy.asc
> [...]
>
> I don't intend for that to make anyone trust my signatures unless they
> know a bit about me, of course. But I do try to be a good example and
> let those who may trust me know just what I mean when they see a
> signature from me on a key.
>
> Both notations and cert policy URLs may contain some data that is
> unique to a particular signature. Strings such as %k, %K, and %f will
> be expanded to the short key id, long key id, and fingerprint of the
> key being signed, respectively. That way, you could make the notation
> or policy URL point to a page for each signature. There you could
> include such details as where you met, what information you exchanged,
> etc.
Well done, I am impressed, I wasn't even aware that such things exist!
So, summarizing all this (see my previous post from today) I'd say
that what we need is:
* an OpenPGP web of trust "CA" (operated by RedHat/Fedora/whatever,
sorry I'm not really aware of who is who here) with its public/private
keypair (CAK)
* an official and strictly-followed policy for signing people's keys with
CAK (trust level 0 sigs)
* an official and strictly-followed policy for signing people's keys with
CAK (trust level 1 sigs)
* a "marketing strategy" or something to tell people to trust CAK with
the level of 2
* some "goodies" like a list of keys signed by CAK published on the web,
or maybe photos of all such meetings in person (depending on the
policy); surely photos, names and bios of all trust-level-1 sig
holders. :-)
This way we achieve the goals of the revolution; we promote:
* GNU
* free software
* security and authenticity
* bazaar model
* Fedora
* OpenPGP web of trust, which is better than PKI.
STF
=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B80F 8062
=======================================================================
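The per-signature policy URL mechanism Todd describes above, as an added example that is not code from the thread or from GnuPG: the first function reproduces the %k / %K / %f expansion gpg applies to a cert-policy-url when it certifies a key (STF's own fingerprint from the signature block is used as sample input), and the opt-in live part creates two throwaway keys under a temporary GNUPGHOME, sets `cert-policy-url` and `default-cert-level` in gpg.conf, makes the certification, and runs the same `--list-options show-policy-urls --list-sigs` listing. The URL template, the key names and the example.invalid addresses are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows (a) how the %k / %K / %f
# placeholders in a cert-policy-url expand for a given signed key, using
# STF's fingerprint from the signature block as sample input, and (b) an
# opt-in live run against a throwaway GNUPGHOME. The policy-URL template
# and the example.invalid user ids are assumptions.

# expand_policy_url TEMPLATE FINGERPRINT
# The expansion gpg applies to cert-policy-url / notation strings when it
# makes a key signature: %k -> short key id (last 8 hex digits of the
# signed key's fingerprint), %K -> long key id (last 16), %f -> the full
# fingerprint, %% -> a literal percent sign. Spaces in FINGERPRINT are
# ignored so the "gpg --fingerprint" display form can be pasted in.
expand_policy_url() {
    template=$1
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    long=$(printf '%s' "$fpr" | tail -c 16)
    short=$(printf '%s' "$fpr" | tail -c 8)
    # %% is protected first so that "%%k" stays a literal "%k".
    printf '%s\n' "$template" | sed \
        -e 's|%%|@@PCT@@|g' \
        -e "s|%k|$short|g" \
        -e "s|%K|$long|g" \
        -e "s|%f|$fpr|g" \
        -e 's|@@PCT@@|%|g'
}

# Live demonstration: a throwaway "CA" key and a signee key, a
# cert-policy-url containing %f, and the listing command from the thread.
# Needs GnuPG 2.1 or later (quick-generate-key / quick-sign-key).
live_demo() {
    command -v gpg >/dev/null 2>&1 || { echo 'gpg not found' >&2; return 1; }
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    # Every certification made from this home carries the policy URL;
    # default-cert-level 2 produces "sig 2" lines like Todd's.
    cat > "$GNUPGHOME/gpg.conf" <<'EOF'
cert-policy-url http://example.invalid/pgp/sigs/%f.txt
default-cert-level 2
EOF
    for uid in 'Example CA <ca@example.invalid>' 'Signee <signee@example.invalid>'; do
        gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" default default never || return 1
    done
    # Field 10 of the "fpr" record is the fingerprint of the key being signed.
    signee_fpr=$(gpg --batch --with-colons --with-fingerprint \
        --list-keys signee@example.invalid \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --local-user ca@example.invalid --quick-sign-key "$signee_fpr" || return 1
    # The listing Todd showed; the "Signature policy:" line should now carry
    # the signee's fingerprint where the template had %f.
    gpg --list-options show-policy-urls --list-sigs signee@example.invalid
    echo "expected URL: $(expand_policy_url 'http://example.invalid/pgp/sigs/%f.txt' "$signee_fpr")"
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME"
}

# The offline part always runs; pass --live to also run the GnuPG demo.
stf_fpr='9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B80F 8062'
for t in 'http://example.invalid/pgp/sigs/%k.txt' \
         'http://example.invalid/pgp/sigs/%K.txt' \
         'http://example.invalid/pgp/sigs/%f.txt'; do
    printf '%s -> %s\n' "$t" "$(expand_policy_url "$t" "$stf_fpr")"
done
if [ "${1:-}" = "--live" ]; then
    live_demo
fi
```

Run it as `sh policy-url.sh` for the offline expansion only, or `sh policy-url.sh --live` to create the temporary keys and see the expanded policy URL in the real listing. Because the URL is derived from the signed key's fingerprint rather than its short id, a page per signature cannot be confused by two keys sharing a 32-bit key id.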