Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net
Marco Baringer <mb@bese.it> writes:
ok, so this "guarntees" that the key belongs to whevere has access to that account (which is good), but how do you get people to trust common-lisp.net's key? am i missing something simple?
I'm guessing that when you send me your public key to register for a project and I reply with your password in an encrypted email (signed with the common-lisp.net key), you import the common-lisp.net key and sign it and then use it to verify the keyring whenever you need to. Does that sound like a plan? We should also publish it's fingerprint on the website. Erik.
Erik Enge <eenge@prium.net> writes:
I'm guessing that when you send me your public key to register for a project and I reply with your password in an encrypted email (signed with the common-lisp.net key), you import the common-lisp.net key and sign it and then use it to verify the keyring whenever you need to. Does that sound like a plan?
which means that _i'll_ trust common-lisp.net's key, but i was wondering about people who aren't developers on common-lisp.net. -- -Marco Ring the bells that still can ring. Forget your perfect offering. There is a crack in everything. That's how the light gets in. -Leonard Cohen
On Tue, Nov 11, 2003 at 08:04:07PM +0100, Marco Baringer wrote:
which means that _i'll_ trust common-lisp.net's key, but i was wondering about people who aren't developers on common-lisp.net.
Two answers: There is no easy way, I'm afraid. I suppose that individuals signed by Common-lisp.net should also sign the Common-lisp.net key, and try to exchange keys generally with the rest of the world (in a secure manner, of course), in hopes that a newcomer can find some entry point to the web of trust. Since people are lazy, many will decide to trust the key available from Common-lisp.net, even if they can't verify it. This means that those who get the key when Common-lisp.net is cracked lose. Cheers, -- Nikodemus
participants (3)
-
Erik Enge -
Marco Baringer -
Nikodemus Siivola