[OTR-dev] Key question

Michael Donaghy md401 at cam.ac.uk
Fri Jan 13 14:17:19 EST 2006


On Friday 13 Jan 2006 11:02, Len Sassaman wrote:
> On Fri, 13 Jan 2006, Michael Donaghy wrote:
> > I verify that I'm using the right key the same way I verify that the key
> > I have for either of you is correct (Anyone can make a key with your
> > email address on it) - by using the web of trust. If I knew either of you
> > we would probably have already met and signed each other's keys, if not
> > there would hopefully be some mutual friend who had exchanged key
> > fingerprints with both of us, and so on.
>
> That presumes that trust is transitive.
>
No it doesn't, because a key is only trusted if you set it to be trusted. I 
trust Martin, so I set his key to have full trust. This means I see John's 
key as valid, since Martin has signed it. However, I don't see keys John has 
signed as valid as well, unless I manually set the trust on John's key to 
full.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20060113/a337277f/attachment.pgp>


More information about the OTR-dev mailing list