diff options
author | Martin Schulze <joey> | 2001-07-16 10:13:11 +0000 |
---|---|---|
committer | Martin Schulze <joey> | 2001-07-16 10:13:11 +0000 |
commit | 7866bdd4e1ee07d5f58d8cb0f1f071eda4d25e8f (patch) | |
tree | fc644f5e8ee8e6dc6447de5ee1af15ccb6bc82bc /english/events/keysigning.wml | |
parent | 5f15781ee4f0552f9741e1857580d1739e3bcc48 (diff) |
Added some blurb about how signing is done and what should not be
done. Courtesy of Brian Ristuccia and Steve Langasek.
CVS version numbers
english/events/keysigning.wml: 1.1 -> 1.2
Diffstat (limited to 'english/events/keysigning.wml')
-rw-r--r-- | english/events/keysigning.wml | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/english/events/keysigning.wml b/english/events/keysigning.wml index b58517a4da1..1035a86952a 100644 --- a/english/events/keysigning.wml +++ b/english/events/keysigning.wml @@ -6,8 +6,34 @@ improve the web of trust. Especially for people who are new to the project, keysigning and meeting other developers has been very interesting. -<p>The following list intends to help you with running a keysigning -session. +<p>This document intends to help you with running a keysigning +session. People should only sign a key under at least two conditions: + +<ol> + +<li>The key owner convinces the signer that the identity in the UID is + indeed their own identity by whatever evidence the signer is + willing to accept as convincing. Usually this means the key owner + must present a government issued ID with a picture and information + that match up with the key owner. (Some signers know that + government issued ID's are easily forged and that the trustability + of the issuing authorities is often suspect and so they may require + additional and/or alternative evidence of identity). + +<li>The key owner verifies that the fingerprint of the key about to be + signed is indeed their own. + +</ol> + +Most importantly, if the key owner is not actively participating in +the exchange, you won't be able to complete either requisite 1 or 2. +Nobody can complete the key owner's part of requisite 1 on the key +owner's behalf, because otherwise anyone with a stolen ID card could +easily get a PGP key to go with it by pretending to be an agent of the +keyowner. Nobody can complete the key owner's part of requisite 2 on +the key owner's behalf, since the agent could substitute the +fingerprint for a different PGP key with the key owner's name on it +and get someone to sign the wrong key. <ul> @@ -44,3 +70,24 @@ session. <li> Quit GnuPG with <code>quit</code> </ul> + +<h3>What you should not do</h3> + +<p>You should never sign a key for somebody else you haven't met +personally. Signing a key based on anything other than first-hand +knowledge destroys the utility of the Web of Trust. If ones friend +presents other developers with your ID card and your fingerprint, but +you are not there to verify that the fingerprint belongs to you, what +do other developers have to link the fingerprint to the ID? They have +only the friend's word, and the other signatures on your key -- this +is no better than if they signed your key just because other people +have signed it! + +<p>It is nice to get more signatures on ones key, and it is tempting +to cut a few corners along the way. But having trustworthy signatures +is more important than having many signatures, so it's very important +that we keep the keysigning process as pure as we can. Signing +someone else's key is an endorsement that you have first-hand evidence +of the keyholder's identity. If you sign it when you don't really +mean it, the Web of Trust can no longer be trusted. + |