Notices by Joshua Judson Rosen (rozzin) tagged trust
- Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 10:32:33 EDT: So, "what am I doing when I get a new key from someone and check the signatures to see if there are any people in common" depends heavily on what you mean by "check the signatures" and "people in common". If you mean "trace through signature-chains with no #trust #metrics to find *reachable* signatures", then no, you're not using #WoT verification, you're making your own inferences based on something else.
- Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 00:49:32 EDT: That #PGP's #WoT metrics (supposedly) propagate through signature-chains is somehow basically an extremely popular #myth; "talks about WoT being all about arbitrarily-long multi-hop chains of trust" and "conflates #trust and #identity #certification" have been "understands-pgp-p" litmus tests for me since I realized how confused *I was myself* years ago, and they've never failed before.
- Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 18:30:48 EDT: As the #GnuPG manual says, bundling #trust into #keysigning "is generally only useful in distinct communities or groups": https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html
- Joshua Judson Rosen (rozzin)'s status on Monday, 03-Nov-2014 00:15:23 EST: @lnxw48, I'd much rather people who #trust me #verify that they're actually getting a file _from me_ than from "the right domain".
- Joshua Judson Rosen (rozzin)'s status on Sunday, 26-Oct-2014 20:39:07 EDT: I think people should be a lot #paranoid and not base #trust of data-transfers on whether the endpoints appear to have good #DNS names.
- Joshua Judson Rosen (rozzin)'s status on Sunday, 21-Jul-2013 11:38:28 EDT: I wonder whether #captchas actually scale better than #invitation systems and/or #trust metrics....