[Enigmail] Certificate signing policy
ansus at neomailbox.ch
Wed Mar 4 08:04:38 CET 2015
For folks I correspond with routinely I just accept their certificate, don't care if its signed.
On 04/03/15 17:48, Robert J. Hansen wrote:
> Here at Circumvention I've been surprised by the number of people who
> have been asking me to sign their certificates. For all that the Web of
> Trust is mostly a broken technology, there are still clearly a lot of
> people who rely on it. There are also a lot of disconnected, isolated
> communities of privacy enthusiasts who would like to have some way to
> communicate in a trusted way with other communities.
> They're hoping that Enigmail will be able to help, since we have a
> certificate set which is widely trusted within the community. (Set
> aside for right now arguments over whether people *should* trust our
> certificates without doing face-to-face meet-ups and fingerprint
> verifications and everything else; clearly, people *do* trust our
> So, if you see my signature on a certificate, here's what it means. I have:
> 1. Met this person face-to-face
> 2. Received their fingerprint from them
> 3. Received their email address from them
> 4. Seen at least one form of government-issued
> 5. Verified the email address on their user ID
> matches the email address they gave me
> 6. Verified the fingerprint on their certificate
> matches the fingerprint they gave me
> Finally, I do not upload certificates to the keyservers without the
> certificate owner's permission.
> enigmail-users mailing list
> enigmail-users at enigmail.net
> To unsubscribe or make changes to your subscription click here:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the enigmail-users