[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Signatures after using gpg?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] New Signatures after using gpg?
From: Roger Dingledine <arma@xxxxxxx>
Date: Wed, 14 Sep 2011 14:30:57 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 14 Sep 2011 14:31:10 -0400
In-reply-to: <1316022377.71053.YahooMailClassic@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1316022377.71053.YahooMailClassic@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, Sep 14, 2011 at 10:46:17AM -0700, Big Momma wrote:
> I am using Ubuntu 10.04 and have the following line in my /etc/apt/sources.list
> 
> deb http://deb.torproject.org/torproject.org lucid main
> 
> I then followed the instructions here
> 
> https://www.torproject.org/docs/debian.html.en
> 
> Why are there 3 new signatures?  What does this mean?  Thanks. 
> 
> gpg --keyserver keys.gnupg.net --recv 886DDD89
> gpg: requesting key 886DDD89 from hkp server keys.gnupg.net
> gpg: key 886DDD89: "deb.torproject.org archive signing key" 3 new signatures
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg:         new signatures: 3

It means you had a copy of the key already, and now you downloaded a few
more signatures on the key, which can be used to improve your trust in it
if you recognize and trust any of the keys that signed it.

Do a "gpg --list-sigs 886DDD89" and you'll see (assuming you import
the other keys too) something like:

$ gpg --list-sigs 886DDD89
pub   2048R/886DDD89 2009-09-04 [expires: 2014-09-03]
uid                  deb.torproject.org archive signing key
sig 3        886DDD89 2009-09-04  deb.torproject.org archive signing key
sig 3        94C09C7F 2009-09-04  Peter Palfrader
sig          28988BF5 2009-09-11  Roger Dingledine <arma@xxxxxxx>
sig          31B0974B 2009-09-13  Andrew Lewman (phobos) <phobos@xxxxxxxxxx>
sig          639F6A66 2010-02-03  Adam Nichols <adam@xxxxxxxxx>
sig          5B172AB2 2010-02-18  Sven Lucke (Verschlüsselung) <svenlucke@xxxxxx>
sig          A1A1BC05 2010-02-19  Sven Lucke (Neuer Schlüssel) <luckesven@xxxxxx>
sig          27A1C89A 2010-10-17  z00z00z00 <z00z00z00@xxxxxxxx>
sig          6F10FC42 2010-11-05  [User ID not found]
sig          7B5D666B 2010-09-16  robbiemacg <publisher@xxxxxxxxxxxxxxxxxxxxxxx>
sig 3        29606E77 2010-11-15  lilo <al3lilo@xxxxxxxxxxxxx>
sig          339A7FA8 2010-09-23  Chris Jordan <jordanofspades@xxxxxxxxx>
sig          5B54D68C 2010-10-22  James O. Christie <jamesochristie@xxxxxxxxx>
sig          FDA28A1A 2011-06-30  [User ID not found]
sub   2048R/219EC810 2009-09-04 [expires: 2012-09-03]
sig          886DDD89 2009-09-04  deb.torproject.org archive signing key

In the PGP web of trust idea, anybody who wants to can sign a key for
whatever reason they choose. Some more people chose to sign the key since
you last fetched a copy. Nothing to worry about.

--Roger

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] New Signatures after using gpg?
  - From: Big Momma

Prev by Author: Re: [tor-talk] Tor 0.2.3.4-alpha is out
Next by Author: Re: [tor-talk] Vidalia bundles broken
Previous by thread: [tor-talk] New Signatures after using gpg?
Next by thread: [tor-talk] Selecting exit node by state - possible?
Index(es):
- Author
- Thread