On Wed, Apr 28, 1999 at 08:24:23PM -0700, Jonathan Walther wrote: > Yes, but we all know that I've met Wichert in person :p So I don't > understand the execessiveness I see displayed here. Joseph, you SAW me > hanging out with Wichert :> In any other circumstance, your comments are > very valid, and any newbie would do well to study them with care. But I didn't see him looking at your ID, so I can't say that I'm sure his sig on your key means anything to me other than that he trusts your key. I have to make the determination of whether or not _I_ trust it myself. By my sig on your key, others can assume that I'm certain you're you, but they shouldn't necessarily assume that means they can be sure you're you, just that any two messages signed by your key came from the person who owns that key, be it you or someone impersonating you. => Of course if you have ten developers who have signed your key, I'm much more likely to believe you're you than if you had one or none at all. When it comes to cryptography, paranoia is a good thing. -- Joseph Carter <knghtbrd@debian.org> Debian GNU/Linux developer PGP: E8D68481E3A8BB77 8EE22996C9445FBE The Source Comes First! ------------------------------------------------------------------------- <muggles> i'm trying to convince some netcom admins i know to convert to Debian from RH, netgod, but they are DAMN stubborn <muggles> why RH users so damned hard headed? <Espy> it's the hat
Attachment:
pgp9FHKbXeWE1.pgp
Description: PGP signature