About PGP Signing a File.
John L Fjellstad
john-ubuntu at fjellstad.org
Mon Feb 12 22:49:16 UTC 2007
Tony Arnold <tony.arnold at manchester.ac.uk> writes:
> It therefore becomes a question of degrees of trust. A document that has
> been signed with a key that has also been signed by a number of people
> increases that degree of trust, but as you say does not guarantee
> authorship. A signature based on a key that has not been signed by
> anybody is much less trustworthy.
I don't see how the number of people signing a key makes it more
trustworthy unless you know at least one of the person who signed (and
then you only actually need that one person's signing). A bad guy could
just generate a bunch of new keys to sign the one key you are looking
at.
--
John L. Fjellstad
web: http://www.fjellstad.org/ Quis custodiet ipsos custodes
More information about the ubuntu-users
mailing list