Web of Trust (a revolution)

"Stanisław T. Findeisen" sf181257 at students.mimuw.edu.pl
Wed Apr 1 11:56:42 UTC 2009

Todd Zullinger wrote:
> $ gpg --list-options 'show-policy-urls' --list-sigs silfreed
> pub   1024D/ED00D312 2000-06-21
> uid                  Douglas E. Warner <silfreed at ...>
> sig 3        ED00D312 2005-11-02  Douglas E. Warner <silfreed at ...>
> sig 2   P    BEAF0CE3 2006-08-07  Todd M. Zullinger <tmz at ...>
>    Signature policy: http://www.pobox.com/~tmz/pgp/cert-policy.asc
> [...]
> I don't intend for that to make anyone trust my signatures unless they
> know a bit about me, of course.  But I do try to be a good example and
> let those who may trust me know just what I mean when they see a
> signature from me on a key.
> Both notations and cert policy URLS may contain some data that is
> unique to a particular signature.  Strings such as %k, %K, and %f will
> be expanded to the short key id, long key id, and fingerprint of the
> key being signed, respectively.  That way, you could make the notation
> or policy URL point to a page for each signature.  There you could
> include such details as where you met, what information you exchanged,
> etc.

Great done, I am impressed, I wasn't even aware that such things exist!

So, summarizing all this (see my the previous post from today) I'd say 
that what we need is:

* an OpenPGP web of trust "CA" (operated by RedHat/Fedora/whatever, 
sorry I'm not really aware of who is who here) with its public/private 
keypair (CAK)
* an official and strictly-followed policy for signing people keys with 
CAK (trust level 0 sigs)
* an official and strictly-followed policy for signing people keys with 
CAK (trust level 1 sigs)
* a "marketing strategy" or something to tell people to trust CAK with 
the level of 2
* some "goodies" like list of keys signed by CAK published on the web, 
or maybe photos of all such meetings in person (depending on the 
policy); surely photos, names and bios of all trust-level-1 sigs 
holders. :-)

This way we achieve the goals of the revolution; we promote:
* free software
* security and authenticity
* bazaar model
* Fedora
* OpenPGP web of trust, which is better than PKI.


OpenPGP: 9D25 3D89 75F1 DF1D F434  25D7 E87F A1B9 B80F 8062

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20090401/96e37c09/attachment-0001.bin 

More information about the users mailing list