[foaf-protocols] Fwd: Using root CAs as a trusted 3rd party

Melvin Carvalho melvincarvalho at gmail.com
Sun Jan 22 05:26:06 EST 2012


interesting thread on the GPG list


---------- Forwarded message ----------
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: 21 January 2012 19:12
Subject: Using root CAs as a trusted 3rd party
To: gnupg-users at gnupg.org


I just signed an OpenPGP key with cert level 0x12 (casual checking) given
the following scenario:

   * A PGP key was signed by an SSL certificate that was signed by a root
     CA
   * I verified that the signature was indeed from that root CA.
   * I striped the signature, and imported the PGP key.
   * I then signed the key, exported, and sent back.

What are your thoughts on using root CAs as a trusted 3rd party for
trusting that a key is owned by whom it claims? Of course, this is merely
for casual checking, but it seems to be "good enough".

Thoughts?

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 518 bytes
Desc: not available
URL: <http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20120122/47d72fa0/attachment.pgp>


More information about the foaf-protocols mailing list