From db0098b69b322a40512536e9da0a198eeb3aadd0 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Fri, 24 Jan 2020 22:48:27 +0200 Subject: [PATCH] README.md: add more information --- README.md | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 549fbfc..dc06706 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,43 @@ # pgp-alt-wot -PGP keys signed by me so I don't have to validate the same keys again-and-again and can just trust my own paper verified fingerprint in the subsequent validations. \ No newline at end of file +PGP keys signed by me so I don't have to validate the same keys +again-and-again and can just trust my own paper verified fingerprint in the +subsequent validations. + +WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust) + +* * * * * + +Example use case for this repository is [Tor Browser](https://torproject.org/), +I need to download it on most of systems and I need to verify it and it's +painful to verify the PGP key all the time, while I can just verify my own +fingerprint from paper and see that it has signed the keys. I have done this +at least twice on Windowses first installing GPG through Chocolatey. + +* * * * * + +I don't know if there is point in putting down formal signing requirements, +but what has been my policy at the time of writing is: + +NOTE: this section is written from memory so may be inaccurate + +* friends - knowing for a long time through various connections and seeing + at times seeing IDs (or visiting both directions) and otherwise having + so deep relationship that lying about identity wouldn't be easily possible +* privacytools - confirmed from the people themselves, their websites, + privacytools.io (WKD in git) and similar. +* software - used their verification instructions (of varying strength) + * keepassxc.asc mullvad.asc tails.asc tor-browser-developers.asc yggdrasil.asc + * keepassxc - checked their website through normal and Tor Browser + * mullvad - checked their website and onion + * tails - followed their verification instructions (including checking + that it's signed by a Debian developer) + * tor-browser - followed their checking instructions + * yggdrasil - checked their website and comitted apt repo adding to git + +* * * * * + +TODO: + +* add links to the previous section +* add OnionShare?