Page last updated:
2002 Jul 25 20:44

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] question about trust (gpg)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 25 July 2002 03:53 pm, Peter Jay Salzman wrote:
> here are the people who have verified my fingerprint over the phone:
>
>   p@satan% gpg --list-sigs dirac
>   pub  1024D/67EA951D 2000-12-08 Peter Jay Salzman <p@dirac.org>
>   sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
>   sig        58D7BA3C 2000-12-12  Henry House <hajhouse@houseag.com>
>   sig        074A81E6 2002-07-23  dugan (ME) <dugan@passwall.com>
>   sub  2048g/BA20F792 2000-12-08
>   sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
>
>
> this afternoon, i spoke with ryan over the phone and we exchanged
> fingerprints.  then he signed my public key and sent me an exported copy
> of it.  i then --imported it.  now the list of people who trust me is:
>
>   pub  1024D/67EA951D 2000-12-08 Peter Jay Salzman <p@dirac.org>
>   sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
>   sig        58D7BA3C 2000-12-12  Henry House <hajhouse@houseag.com>
>   sig        074A81E6 2002-07-23  dugan (ME) <dugan@passwall.com>
>   sig        DF61615F 2001-12-13  [User id not found]
>   sig        72177BC7 2002-07-25  Ryan Castellucci <ryan@mother.com>
>   sub  2048g/BA20F792 2000-12-08
>   sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
>
> question: now, i assume that ryan's key was signed by whoever owns key
> DF61615F, and that since DF61615F trusts ryan, then DF61615F trusts me
> as well, right?  is this the "5 person rule" in action?

No, this is incorrect. The copy of your key that I had had been signed by 
DF61615F, who claims to trust your key. gpg does not sign a key with keys 
your key has been signed with (did that make sense?)

> question: henry (who signed my public key awhile ago) has no knowledge
> that ryan and matt now trust my key.  i WOULD like for him to know, just
> in case he passes my key to someone else (or just because i want him to
> know that i'm trusted and loved by all...).   is the standard operating
> procedure to send a copy of my key, along with the new people who signed
> it, to the people who previously signed my key?

Yeah, the keyservers are great for this. You could set up a script to run via 
a cron job to sync with the keyservers (weekly is my suggestion....) and 
automatically download the keys to any unknown signatures. (if anyone has/knows 
of such a script, please share)

It seems to me that notifying mailing lists (vox) with a short "My PGP/GPG key 
was signed by additional people on $DATE, contact me if you'd like a copy, or 
download it from a keyserver" would be fine, as would emailing friends who 
care.

It might be nice if gpg had the ability to sync your keys with a keyserver 
built in.

- -- 
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90  34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9QI1WEd9E83IXe8cRAvMVAKCRrLNi7MrLdWgCOG8JaZjvs0B7mACfXK5x
FRAQd4CQYhDa/fh7B42k8Hk=
=v2NR
-----END PGP SIGNATURE-----
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
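
The cron-driven keyserver sync suggested in the post above, sketched as an added example (not code from the original post or its author). It assumes gpg's colon-delimited listing format as described in the comments; the sample listing, its key IDs and the script path are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: weekly keyserver sync for cron.
# Assumption: in `gpg --with-colons --list-sigs` output each signature is a
# "sig" record with the signer's key ID in field 5 and the user ID in field 10,
# and field 10 reads "[User ID not found]" when the signer's key is missing.

KEYSERVER="${KEYSERVER:-pgp.mit.edu}"   # keyserver named in the post

# Read a colon-format listing on stdin; print each unknown signer's key ID once.
unknown_signers() {
    awk -F: '$1 == "sig" && tolower($10) ~ /user id not found/ && !seen[$5]++ {
        print $5
    }'
}

# Constructed sample listing (made-up key IDs and names) for an offline run.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:976233600:::u:::scESC:
uid:u::::976233600::::Alice Example <alice@example.org>:
sig:::17:AAAAAAAAAAAAAAAA:976233600::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1008201600::::[User ID not found]:10x:
sig:::17:CCCCCCCCCCCCCCCC:1027555200::::Bob Example <bob@example.org>:10x:
uid:u::::976233600::::Alice Example <alice@example.net>:
sig:::17:AAAAAAAAAAAAAAAA:976233600::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1008201600::::[User ID not found]:10x:
EOF
}

# Refresh known keys, then fetch the keys behind unknown signatures.
# A fetched key is only imported, not trusted: check its fingerprint with the
# owner before signing it or assigning ownertrust.
sync_keys() {
    gpg --batch --keyserver "$KEYSERVER" --refresh-keys
    ids=$(gpg --batch --with-colons --list-sigs | unknown_signers)
    if [ -n "$ids" ]; then
        # $ids is left unquoted on purpose: one argument per key ID
        gpg --batch --keyserver "$KEYSERVER" --recv-keys $ids
    fi
}

# Weekly crontab entry (script path is hypothetical):
#   0 3 * * 0  $HOME/bin/gpg-keysync.sh --sync
if [ "${1:-}" = "--sync" ]; then
    sync_keys
fi
```

Run without arguments the script touches neither the keyring nor the network; `sample_listing | unknown_signers` shows the parsing step on its own.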


