[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: How trust works in gpg...
From: David Shaw <dshaw () jabberwocky ! com>
Date: 2008-04-25 13:11:55
Message-ID: EC067A0F-99E8-4394-99DC-68EFE7B0B86D () jabberwocky ! com
[Download RAW message or body]
On Apr 25, 2008, at 3:57 AM, Werner Koch wrote:
> On Thu, 24 Apr 2008 21:12, dshaw@jabberwocky.com said:
>
>> not how the OpenPGP trust system works. The person who gets to
>> decide
>> if a key+uid should be signed is the person who makes the signature.
>
> Nitpicking: It is not the OpenPGP trust system, but the way almost all
> OpenPGP applications are used (basically Web of Trust). OpenPGP is
> just
> a framework and you may implement any trust system on top of it; using
> the mechanisms provided by OpenPGP.
>
> I have to mention this because many people believe OpenPGP demands the
> WoT and exclude OpenPGP from further inspection when searching for a
> specialized PKI.
Absolutely. At one point there was talk about putting together an RFC
for a defined OpenPGP trust system (essentially documenting what we
have now), but there didn't seem to be much interest in it.
A significant use of OpenPGP is without the WoT at all.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic