From 566d44881ce849a3df3b44e29dd454b99a15492e Mon Sep 17 00:00:00 2001 From: Adam Leibson Date: Thu, 13 Aug 2015 12:05:16 -0400 Subject: [PATCH] commit --- en/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/en/index.html b/en/index.html index 8d8a204..d9de307 100644 --- a/en/index.html +++ b/en/index.html @@ -404,7 +404,7 @@

#4 Learn the Web of Trust

Email encryption is a powerful technology, but it has a weakness; it requires a way to verify that a person's public key is actually theirs. Otherwise, there would be no way to stop an attacker from making an email address with your friend's name, creating keys to go with it and impersonating your friend. That's why the free software programmers that developed email encryption created keysigning and the Web of Trust.

-

When you sign someone's key, you are publicly saying that you trust that it belongs to them and not an impostor. Signing keys and messages is the same type mathematical operation, but they carry very different implications. It's a good practice to generally sign your email, but if you casually sign people's keys, you may accidently end up vouching for the identity of an imposter. People who use your public key can see who has signed it. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is a constellation of GnuPG users, connected to each other by chains of trust expressed through signatures. The more signatures of people you trust a key has, the more trustworthy that key is.

+

When you sign someone's key, you are publicly saying that you've verified that it belongs to them and not an impostor. Signing keys and messages is the same type mathematical operation, but they carry very different implications. It's a good practice to generally sign your email, but if you casually sign people's keys, you may accidently end up vouching for the identity of an imposter. People who use your public key can see who has signed it. Once you've used GnuPG for a long time, you may have hundreds of signatures. The Web of Trust is a constellation of GnuPG users, connected to each other by chains of trust expressed through signatures. The more signatures of people you trust a key has, the more trustworthy that key is.

-- 2.25.1