Notices tagged with wot

Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 10:32:33 EDT Joshua Judson Rosen
- kat
So, "what am I doing when I get a new key from someone and check the signatures to see if there are any people in common" depends heavily on what you mean by "check the signatures" and "people in common". If you mean "trace through signature-chains with no #trust #metrics to find *reachable* signatures", then no you're not using #WoT verification, you're making your own inferences based on something else.

Wednesday, 03-Jul-2019 10:32:33 EDT from Qvitter permalink
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 01:15:55 EDT Joshua Judson Rosen
- kat
That #Tails "use the WoT" download #verification guide is telling you to do 2 distinct things:
1) use #PGP WoT metrics to identify someone who is a Tails developer (but not AFAICT to identify that person *as* a Tails developer);
2) make a WoT-less leap from "this is Bob" to "Bob is verified as a Tails developer AND his signatures mean something".

In that "→A→B→C" chain of mixed ops, #WoT only takes you to B.

Wednesday, 03-Jul-2019 01:15:55 EDT from Qvitter permalink
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 00:56:58 EDT Joshua Judson Rosen
- kat
It may also matter that when I say "#PGP", I really mean "#GnuPG" because AFAICT GPG is the PGP that everyone actually uses these days. There are "trust signatures" in #OpenPGP, and GPG can make and use them..., but they're a whole different thing from "trust", "signatures", and #WoT. And I don't think I've ever actually seen one in the wild. Some other PGP implementation might use tsigs by default? But I doubt it?

Wednesday, 03-Jul-2019 00:56:58 EDT from Qvitter permalink
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 00:49:32 EDT Joshua Judson Rosen
- kat
That #PGP's #WoT metrics (supposedly) propagate through signature-chains is somehow basically an extremely popular #myth; "talks about WoT being all about arbitrarily-long multi-hop chains of trust" and "conflates #trust and #identity #certification" have been "understands-pgp-p" litmus tests for me since I realized how confused *I was myself* years ago, and they've never failed before.

Wednesday, 03-Jul-2019 00:49:32 EDT from Qvitter permalink
Joshua Judson Rosen (rozzin)'s status on Monday, 01-Jul-2019 15:40:24 EDT Joshua Judson Rosen
- kat
- Cryptography
@boneidol The signature-flooding attack on the SKS #keyservers (and DoS of their users) is bad but doesn't actually sound like any kind of #apocalypse, and has basically nothing to do with the #WoT; signature-chains maybe, but that's something else entirely. !crypto

Monday, 01-Jul-2019 15:40:24 EDT from Qvitter permalink
Stefano Zacchiroli (zack)'s status on Tuesday, 12-Feb-2013 03:08:33 EST Stefano Zacchiroli
Remote profile options...
- planetdebian
Dustin Kirkland: «Introducing Hockeypuck -- a new #HKP server» http://ur1.ca/cs99t #WoT #gpg

Tuesday, 12-Feb-2013 03:08:33 EST from identi.ca permalink
Stefano Zacchiroli (zack)'s status on Saturday, 08-Dec-2012 05:16:37 EST Stefano Zacchiroli
Remote profile options...

…and http://ur1.ca/bg7wm is back, YAY! #gnupg #WoT

Saturday, 08-Dec-2012 05:16:37 EST from identi.ca permalink

Public

Notices tagged with wot

Feeds