[Announce] A new GnuPG snapshot (unstable)

Janusz A. Urbanowicz alex at bofh.torun.pl
Sun Nov 11 18:44:01 CET 2001


Len Sassaman wrote/napisał[a]/schrieb:
> On Tue, 6 Nov 2001, Janusz A. Urbanowicz wrote:
> 
> > I think a good example is a 'designated' key certification service like
> > those that Thawte ran to sign PGP keys. Their ID validation procedure is
> > strong and the key may be trusted introducer.
> 
> Actually, Thawte's entire PGP signing system was pretty silly. They had
> the right basic idea, but totally flubbed on the details.

Again, this is disputable. I read the archive (thanks to Enzo Michelangelli
who supplied the URI) and the main argumnet against Thawte was that thawte
didn't get their key signed to become a 'respectable and trusted member of
Web Of Trust'.

This is true, that they didn't do this.

But they did as they do for X509, they declared themselves a trusted CA and
started signing keys. IMO they stretched a little the working of Web Of
Trust, but not broken the rules.

Anyone could set their key as ultimately trusted (after checking that it is
theirs) and rely on their ID-checking procedures, or not, and set their key
to being untrusted. Personally, I think that we need such a service in Web
Of Trust bacause the WOT on peer-to-peer basis doesn't work as well as
predicted. Having a trusted certifyer is a good thing. They could do better
a few things but even as it was, its is useful.

Alex
-- 
Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary

Gdy daję biednym chleb, nazywają mnie świętym. Gdy pytam, 
dlaczego biedni nie mają chleba, nazywają mnie komunistą. - abp. Helder Camara




More information about the Gnupg-devel mailing list