FW: [clug] ettiquette dilemma

Ambrose Andrews ambrose.andrews at anu.edu.au
Mon Jan 19 09:41:11 GMT 2004



-----Original Message-----
From: Ambrose Andrews [mailto:ambrose.andrews at anu.edu.au]
Sent: Monday, 19 January 2004 8:38 PM
To: paul at pabryan.mine.nu
Cc: Ambrose Andrews
Subject: RE: [clug] ettiquette dilemma


Hrm - well...  after looking at the situation, i discovered that there was
only one person who had actually sent me a signed key...  the others were
duplicates or people who'd sent me empty messages with 'signed key' in the
subject line.

As for whose keys to sign, i'd have thought signing someone's key doesn't
imply trust in their capacity to sign other keys, but merely in their
identity itself (and some rudimentary capacity to protect their private
key).  As for whether you trust that person's signing of other keys, i guess
some doubt is in order.

In context though, I think it was more of a one-off careless mistake
conditioned by the fact that my name was at the top of the list (and thus
the beginning of the signing fiesta before a routine had set in) rather than
a conceptual failure.

So if you want to assign low confidence in keys signed by the individual
concerned that's reasonable enough, but the decision of whether to actually
sign his key would be more an issue of whether he is who he says he is, and
whether he is capable of protecting his private key.

(btw there has been no upload, and he sent me a revocation certificate, for
what it's worth [little since i haven't incorporated the signed key]).

  -AA.


-----Original Message-----
From: linux-bounces+ambrose=vrvl.net at lists.samba.org
[mailto:linux-bounces+ambrose=vrvl.net at lists.samba.org]On Behalf Of
paul at pabryan.mine.nu
Sent: Monday, 19 January 2004 7:49 AM
To: linux at lists.samba.org
Subject: Re: [clug] ettiquette dilemma


On Sat, Jan 17, 2004 at 03:17:54PM +1100, Brad Hards wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, 17 Jan 2004 01:19 am, Ambrose Andrews wrote:
> > what a pain in the ethics. i shall contemplate how (and whether) to
> > breach the delicate subject with the miracle-afflicted persons
> > concerned.
> Please contact them, and ask them not to upload the keys (assuming that they
> haven't already). No upload = no real damage.
>
> If possible, please let us know of the key ids. I haven't signed keys from
> LCA2004, but I don't have your name (or a few others) on the list of people
> to sign for. I would like to tweak the trust for a couple of people who
> aren't good at recognising the name of people to sign keys for...
>

How's this coming? I've been holding off signing keys till I know whose key
not to sign as they obviously don't get the idea. Could you post the ids
please?
There's at least two of us now who want to know. Even send a private mail if
you're worried about offending anyone.

Cheers,
Paul.


