Editing Web of Trust

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:


== Noisebridge Web of Trust ==
Some of us were thinking it would be useful to have an informal noisebridge web of trust.
Here's how the GPG web of trust works:
* You want to send a message to Alice.
* You download the alice@example.com keys from a public keyserver. This key may not belong to the real Alice!
* If three or more people you trust, either directly or transitively, have signed the alice@example.com key, your GPG client will tell you that.
* Finally, you can send an email to Alice, with some assurance that you have the right key.
Noisebridge can help the following ways:
* Finding Alice's email address, if you don't already have it.
* Providing a convenient venue for you to meet three or more people who may know people who know Alice.
For now, we'd  like to get more people to sign each others' keys at Noisebridge. In the future, it may be useful to build tools to visualize islands and the noisebridge "strong set", the largest set of noisebridge people who mutually trust each other. Once that set of people is clear, you can join it by finding three or more people who belong to it who are willing to sign your key, and we can strategically bridge islands to join the largest group of people together.
== Clear instructions ==
signing someone's key!
+ get their key from a keyserver
  gpg --search-keys '<alice@example.com>'
+ You and Alice both do the follwing the long string of hex (the fingerprint). It's often convenient to read them out loud.
  gpg --fingerprint '<alice@example.com>'
+ Once you're convinced Alice is Alice,
  gpg --sign-key '<alice@example.com>'
+ Give Alice marginal trust, so that people who Alice and two other marginally-trusted people trust are transitively trusted by you:
  gpg --edit-key '<alice@example.com>'
  ... 
  gpg> trust
  ...
  Please decide how far you trust this user to correctly verify other users' keys
  (by looking at passports, checking fingerprints from different sources, etc.)
    1 = I don't know or won't say
    2 = I do NOT trust
    3 = I trust marginally
    4 = I trust fully
    5 = I trust ultimately
    m = back to the main menu
  Your decision? 2
+ Upload your signature to the keyserver
  gpg --send-key "$alice_fingerprint"
(there might be somthing easier just by using --edit-key, I haven't worked through it yet -l)
== Caveats ==
* Don't trust signatures you find on the noisebridge wiki.
* Don't trust 32-bit or 64-bit short ids. They can be easily faked. See https://evil32.com/
== chat log ==


so what's the action coming out, are we going to have an nb-wot?
so what's the action coming out, are we going to have an nb-wot?
Line 116: Line 54:
! scope="col"| Name
! scope="col"| Name
! scope="col"| Fingerprint
! scope="col"| Fingerprint
! scope="col"| 64-bit KeyID
! scope="col"| Key Location
! scope="col"| Key Location
|-
|-
! scope="row"| Zephyr <zv@nxvr.org>
! scope="row"| Zephyr <zv@nxvr.org>
| 9358 C8BD AAD9 A62B B08B  9660 F6F2 D044 5DC1 72F8
| 9358 C8BD AAD9 A62B B08B  9660 F6F2 D044 5DC1 72F8
| https://keybase.io/zetavolt/key.asc
| 0xF6F2D0445DC172F8
| raw.githubusercontent.com/zv/dotfilez/master/zv.gpg.pub
|  
|  
|-
|-
! scope="row"| cowlicks <cowlicks@riseup.net>
! scope="row"| Test
| D3A4 A167 C186 4747 8645  73F1 39E3 7237 0D7A A999
| Test
| https://keybase.io/cowlicks/key.asc
| Test
|  
| Test
|}
|}
Please note that all contributions to Noisebridge are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see Noisebridge:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel Editing help (opens in new window)
Retrieved from "https://www.noisebridge.net/wiki/Web_of_Trust"