On Mon, Dec 01, 2003, Andrew Cowie wrote:
> On Sun, 2003-11-30 at 09:02, Mary Gardiner wrote:
> > which is why you shouldn't be trusting of many of the keys in your
> > key ring.
>
> Of course, this is the whole reason for key signing events.
>
> If you show me a copy of your key [fingerprint], and a copy of some
> photo identification, and assert that the key and ID are yours, then
> I have reasonable grounds to go back to my keyring and say "yes, I
> trust that this key really is the digital public key of that person".
That's what *signing* the key indicates. Adding a *trust level* to that key
not only means "yes, I trust that this key really is the digital public key
of that person" but "yes, I trust that any keys signed by this key are
signed after the key owner exercises due caution about people's identities."

It's transitive -- I trust X, and then if X signs Y's key I trust that Y's
key is authentic *even though I never did the ID check myself*. Therefore,
I trust person X's key only when I'm sure X is as paranoid as me about ID
checking. Just seeing X's photo ID doesn't tell me that. Just because you
have certified that key 1024D/77625870 is my public key by checking my ID
and so on doesn't mean that you should trust me to check other people's ID
for you.

So as far as I can tell, public key signing does nothing to tell me whether
I should trust people to sign other people's keys or not. It just tells me
whether *I* should sign their key.

FWIW, I don't like the word "trust" being used to describe this relationship
between myself and X -- it's too overloaded and you get the same thing as
you get with LiveJournal "friends lists" -- people taking it as a mark of
"X is a decent person/X is my friend".

-Mary

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
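The distinction Mary draws (a signature certifies an identity; an owner-trust level says whether that person's own certifications count for me) can be seen in a small model of how a GnuPG-style web of trust computes key validity. The following is an added example, not code from this thread or from GnuPG; the key IDs, names, and the simplified rules (one fully trusted signer or three marginally trusted signers make a key valid, with a maximum certification depth) are constructed for illustration.

```python
"""Toy web-of-trust validity calculation.

Models the GnuPG distinction between *signing* a key (certifying that it
belongs to a person) and assigning *owner trust* (trusting that person to
certify others carefully).  Constructed example; key IDs are placeholders.
"""
from dataclasses import dataclass, field

# Owner-trust levels, loosely following GnuPG's trust database.
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = range(5)


@dataclass
class Key:
    key_id: str                                  # placeholder, e.g. "XX000002"
    owner: str
    signed_by: set = field(default_factory=set)  # key_ids that certified this key
    owner_trust: int = UNKNOWN                   # trust in the *holder* as a certifier


def compute_validity(keyring, need_full=1, need_marginal=3, max_cert_depth=5):
    """Return {key_id: depth} for every key considered valid (genuine).

    A key is valid if it is ultimately trusted (depth 0), or if it is signed
    by enough keys that are themselves valid AND whose owners we trust to
    certify: at least `need_full` fully trusted signers or `need_marginal`
    marginally trusted ones.  A signature from a valid key with UNKNOWN or
    NEVER owner trust certifies nothing, which is exactly Mary's point.
    """
    depth = {k.key_id: 0 for k in keyring.values() if k.owner_trust == ULTIMATE}
    changed = True
    while changed:                      # iterate to a fixed point
        changed = False
        for key in keyring.values():
            if key.key_id in depth:
                continue
            full = marginal = 0
            best = None
            for signer_id in key.signed_by:
                signer = keyring.get(signer_id)
                # Signer unknown, not (yet) valid, or too deep: ignore it.
                if signer is None or signer_id not in depth:
                    continue
                if depth[signer_id] >= max_cert_depth:
                    continue
                if signer.owner_trust in (FULL, ULTIMATE):
                    full += 1
                elif signer.owner_trust == MARGINAL:
                    marginal += 1
                else:
                    continue            # valid key, but owner not trusted to certify
                d = depth[signer_id] + 1
                best = d if best is None else min(best, d)
            if full >= need_full or marginal >= need_marginal:
                depth[key.key_id] = best
                changed = True
    return depth


def is_valid(keyring, key_id):
    return key_id in compute_validity(keyring)


def build_demo(x_owner_trust):
    """Constructed keyring: I (ultimate) signed X's key after checking ID;
    X signed Y's key; I have never checked Y's ID myself."""
    me = Key("ME000001", "me", owner_trust=ULTIMATE)
    x = Key("XX000002", "X", signed_by={"ME000001"}, owner_trust=x_owner_trust)
    y = Key("YY000003", "Y", signed_by={"XX000002"})
    return {k.key_id: k for k in (me, x, y)}


def build_marginal_demo(n_signers):
    """Constructed keyring: n marginally trusted people, each signed by me,
    all certify Y's key."""
    me = Key("ME000001", "me", owner_trust=ULTIMATE)
    ring = {me.key_id: me}
    signer_ids = set()
    for i in range(n_signers):
        kid = f"MM{i:06d}"
        ring[kid] = Key(kid, f"M{i}", signed_by={"ME000001"}, owner_trust=MARGINAL)
        signer_ids.add(kid)
    ring["YY000003"] = Key("YY000003", "Y", signed_by=signer_ids)
    return ring


if __name__ == "__main__":
    for trust, label in ((UNKNOWN, "unknown"), (FULL, "full")):
        ring = build_demo(trust)
        print(f"X owner trust {label}: X valid={is_valid(ring, 'XX000002')}, "
              f"Y valid={is_valid(ring, 'YY000003')}")
    for n in (2, 3):
        print(f"{n} marginal signers: Y valid={is_valid(build_marginal_demo(n), 'YY000003')}")
```

Running it shows that signing X's key makes X's key valid in both cases, but Y's key becomes valid only once X is also assigned owner trust; the marginal case shows why the two decisions are recorded separately in the trust database rather than inferred from the signature alone.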