Re: status: establishing a PGP web of trust

From: Frank Ch. Eigler
Date: Tue Oct 04 2011 - 19:18:06 EST

Hi -

On Wed, Oct 05, 2011 at 01:39:32AM +0300, Adrian Bunk wrote:

> [...] But the semantics of PGP key signing is that you certify that
> you verified that a photo ID of that person matches the name on the
> key. [...]

But that's begging the question. The semantics are what you want them
to be. Some keysigning parties take this super seriously, and maybe
with strangers there's some room for this. But in the end, when *I*
see a key with someone else's signature on it, there is no proof how
rigorously they investigated the person. The "reliable identity" part
of the web of trust is only one hop deep.

- FChE

Attachment: pgp00000.pgp
Description: PGP signature