From: Adam Leibson Date: Wed, 12 Aug 2015 19:38:00 +0000 (-0400) Subject: commit X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=c241e6ebe7fd19384bc8d55862d0f2fcdcd6eed9;p=enc-live.git commit --- diff --git a/en/index.html b/en/index.html index 2ed0a18..45a8228 100644 --- a/en/index.html +++ b/en/index.html @@ -404,7 +404,7 @@

#4 Learn the Web of Trust

Email encryption is a powerful technology, but it has a weakness; it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making an email address with your friend's name, creating keys to go with it and impersonating your friend. That's why the free software programmers that developed email encryption created keysigning and the Web of Trust.

-

When you sign someone's key, you are publicly saying that you trust that it belongs to them and not an impostor. People who use your public key can see who has signed it. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is the constellation of all GnuPG users, connected to each other by chains of trust expressed through signatures, forming a giant network. The more signatures of people you trust a key has, the more trustworthy that key is.

+

When you sign someone's key, you are publicly saying that you trust that it belongs to them and not an impostor. Signing keys and messages is the same type mathematical operation, but they carry very different implications. It's a good practice to generally sign your email, but if you casually sign people's keys, you may accidently end up vouching for the identity of an imposter. People who use your public key can see who has signed it. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is the constellation of all GnuPG users, connected to each other by chains of trust expressed through signatures, forming a giant network. The more signatures of people you trust a key has, the more trustworthy that key is.