[OTR-dev] Key question

Len Sassaman rabbi at abditum.com
Fri Jan 13 06:02:15 EST 2006


On Fri, 13 Jan 2006, Michael Donaghy wrote:

> I verify that I'm using the right key the same way I verify that the key I
> have for either of you is correct (Anyone can make a key with your email
> address on it) - by using the web of trust. If I knew either of you we would
> probably have already met and signed each other's keys, if not there would
> hopefully be some mutual friend who had exchanged key fingerprints with both
> of us, and so on.

That presumes that trust is transitive.

(Yes, I am asserting that the web of trust is insecure. I am pleased that
the OTR developers have not carried its weaknesses over to OTR.)


