[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neil Williams wrote: > > Just if anyone is interested (just me then?), I managed to get one of the > GnuPG/PGP keyring / web-of-trust imaging programs to work and after a lot of > fiddling to get the scripts to concentrate just on DCLUG members, I've got > the file small enough to be usable and actually viewable! > > http://www.dclug.org.uk/linux_uk/dclugkeyring.png What I'm curious about is how to utilise the web of trust more effectively. I was trying to establish a chain of trust to bkuhn@xxxxxxx DB41B387. Mostly as FSF seem to be having security fun recently, signed MD5 checksums are going to be required for everything, although I fear we need more trust to make it effective. Although I can demonstrate to the FSF satisfaction I am the guy who released the last few versions of GNU Chess (very complex man in the middle attacks excepted - they'd have to be able to intercept, and resign mail, ftp and other traffic.), I'm not sure they can prove I'm Simon Waters.... by their deeds so shall you know them. Somehow I use gnupg and don't "trust" Werner Koch, which seems a little odd to me, I'm sure I "trusted"ed Phil Zimmerman at one point, since if I didn't trust the person who signed the distro of PGP what was the point in using the software?! So everyone ought to have a fairly tight line of trust to the GNUPG developers, and Werner signed Bradley's key. But I figured Debian developers or security related free software professionals were a safe bet of being one or two hops from Bradley at most. So I quickly wrote a one line command to pull all the signatories of a key into my keyring, and worked back along the most promising lines, my keyring is now bulging at 5000+ keys, kgpg is crawling, and I still have no chain of trust. I'm sure I'm missing something. -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/Ltr6GFXfHI9FVgYRAmCIAKCrshp1+xBoFNzPyupg+yk04aqi2ACeIYnV 48ojlucilRLIydQDs5CQo9w= =+UXb -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
