[colug-432] PGP Signing Party

Steven Lefevre lefevre.10 at osu.edu
Tue Dec 21 14:28:12 EST 2010


On Tue, Dec 21, 2010 at 9:32 AM, William Yang <wyang at gcfn.net> wrote:

> If my friend Rob signs my key, and Mike over there knows Rob and trusts
> Rob, and so forth, we can do the 7-degrees of Kevin Bacon in PGP keys
> game to come to a trustworthy source by establishing a chain of trusted
> relationships between your key and a recipient's.  While you can
> certainly validate a 1:1 relationship (as I have with many of my
> professional associates, and which forms my immediate circle of trust in
> PGP), the real value is this "web of trust" that allows people to ride
> on a chain of trusted relationships of varying strength.

So how does this actually play out on my computer? Say I get an email
or another bit of data that is signed by William Yang, and my
application that's opening the data is PGP-capable. Does it go and
look up the web of trust, and report back to me some kind of report on
how trustworthy the data is? How do I actually come to find out that
the signature is trustworthy or not?
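
A simplified model of the chain lookup asked about above, as an added example that is not part of the original post. The keyring contents, the trusted-introducer set and the depth limit are constructed assumptions, and real OpenPGP software applies more rules than this sketch does.

```python
from collections import deque

# Constructed sample keyring: signer -> keys that signer has certified.
# Names come from the thread; the signature relationships are invented.
SIGNATURES = {
    "Steven": ["Mike"],
    "Mike": ["Rob"],
    "Rob": ["William Yang"],
    "Mallory": ["William Yang", "Eve"],
}

# Key owners the local user trusts to certify other people's keys (assumed).
TRUSTED_INTRODUCERS = {"Steven", "Mike", "Rob"}


def certification_path(signatures, introducers, me, target, max_depth=5):
    """Return the shortest chain of signatures from `me` to `target`, or None.

    A signature only extends the chain when its signer is a trusted
    introducer, and the chain may use at most `max_depth` signatures.
    """
    queue = deque([[me]])
    seen = {me}
    while queue:
        path = queue.popleft()
        signer = path[-1]
        if signer == target:
            return path
        # Stop here if this key's owner is not trusted to vouch for others,
        # or if the chain is already as long as the policy allows.
        if signer not in introducers or len(path) - 1 >= max_depth:
            continue
        for signed in signatures.get(signer, []):
            if signed not in seen:
                seen.add(signed)
                queue.append(path + [signed])
    return None


if __name__ == "__main__":
    for who in ("William Yang", "Eve"):
        chain = certification_path(SIGNATURES, TRUSTED_INTRODUCERS, "Steven", who)
        print(who, "->", " > ".join(chain) if chain else "no trusted chain")
```

A key with no chain is not necessarily forged; the model only says that nobody the local user trusts has vouched for it.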


