[OTR-dev] Key question
Len Sassaman
rabbi at abditum.com
Fri Jan 13 06:02:15 EST 2006
On Fri, 13 Jan 2006, Michael Donaghy wrote:
> I verify that I'm using the right key the same way I verify that the key I
> have for either of you is correct (Anyone can make a key with your email
> address on it) - by using the web of trust. If I knew either of you we would
> probably have already met and signed each other's keys, if not there would
> hopefully be some mutual friend who had exchanged key fingerprints with both
> of us, and so on.
That presumes that trust is transitive.
(Yes, I am asserting that the web of trust is insecure. I am pleased that
the OTR developers have not carried its weaknesses over to OTR.))
More information about the OTR-dev
mailing list