hashed user IDs [was: Re: Security of the gpg private keyring?]
Ben McGinnes
ben at adversary.org
Sun Mar 13 08:38:14 CET 2011
On 13/03/11 7:22 AM, Robert J. Hansen wrote:
> On 3/12/2011 1:05 PM, MFPA wrote:
>> How does the WoT idea require me to know the names or email addresses
>> associated with the keys in the trust path? The text strings in User
>> IDs do not feature in the trust calculation.
>
> Yes, in fact, they do.
>
> In my past, there's an ex-CEO whom I'll just call "Ben."
I wish you hadn't. ;)
> Ben made some really astonishingly bad decisions that put him in
> prison for eighteen months, and left me with a permanent distrust
> for him. If I see Frank has signed Ben's certificate, and I trust
> Frank, am I going to trust Ben?
>
> Of course not.
I wouldn't trust him either.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110313/7129b2f6/attachment.pgp>
More information about the Gnupg-users
mailing list