[vox-tech] question about trust (gpg)

Peter Jay Salzman vox-tech@lists.lugod.org
Thu, 25 Jul 2002 15:53:12 -0700


here are the people who have verified my fingerprint over the phone:

  p@satan% gpg --list-sigs dirac
  pub  1024D/67EA951D 2000-12-08 Peter Jay Salzman <p@dirac.org>
  sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
  sig        58D7BA3C 2000-12-12  Henry House <hajhouse@houseag.com>
  sig        074A81E6 2002-07-23  dugan (ME) <dugan@passwall.com>
  sub  2048g/BA20F792 2000-12-08
  sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>


this afternoon, i spoke with ryan over the phone and we exchanged
fingerprints.  then he signed my public key and sent me an exported copy
of it.  i then --imported it.  now the list of people who trust me is:

  pub  1024D/67EA951D 2000-12-08 Peter Jay Salzman <p@dirac.org>
  sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
  sig        58D7BA3C 2000-12-12  Henry House <hajhouse@houseag.com>
  sig        074A81E6 2002-07-23  dugan (ME) <dugan@passwall.com>
  sig        DF61615F 2001-12-13  [User id not found]
  sig        72177BC7 2002-07-25  Ryan Castellucci <ryan@mother.com>
  sub  2048g/BA20F792 2000-12-08
  sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>

question: now, i assume that ryan's key was signed by whoever owns key
DF61615F, and that since DF61615F trusts ryan, then DF61615F trusts me
as well, right?  is this the "5 person rule" in action?

i looked at some docs on how to receive keys from a public server, and i
imported the key:

  pub  1024D/67EA951D 2000-12-08 Peter Jay Salzman <p@dirac.org>
  sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>
  sig        58D7BA3C 2000-12-12  Henry House <hajhouse@houseag.com>
  sig        074A81E6 2002-07-23  dugan (ME) <dugan@passwall.com>
  sig        DF61615F 2001-12-13  Matt Roper (Main) <matt@mattrope.com>
  sig        72177BC7 2002-07-25  Ryan Castellucci <ryan@mother.com>
  sub  2048g/BA20F792 2000-12-08
  sig        67EA951D 2000-12-08  Peter Jay Salzman <p@dirac.org>

ok, so ryan knows that my public key was signed by myself, henry, ME,
matt and himself.

question: henry (who signed my public key awhile ago) has no knowledge
that ryan and matt now trust my key.  i WOULD like for him to know, just
in case he passes my key to someone else (or just because i want him to
know that i'm trusted and loved by all...).   is the standard operating
procedure to send a copy of my key, along with the new people who signed
it, to the people who previously signed my key?

thanks,
pete

-- 
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D