Christian Perrier wrote: > Funnily, its implementation of the process *also* makes it (the > process) more secure and reliable, thanks to the wisdom of the clever > people who developed it Whether verifying that someone currently gets email at the address on their key actually adds any meausurable benefit when signing is debatable, has been debated multiple times before, and neither side was, IIRC, argued fully convincingly before. Unless there's new information[2], discussing it again would not be useful. However, caff does something clever: It encodes a particular viewpoint on the best way to do things on the signing side into a somewhat[1] easy to use program, thus encouraging even people who are not convinced that it is the best way, to do things that way. This thread has shown that it somewhat hides the cost by pushing it onto the person who receives the caff mails. I think there's a broader lesson in there about arguing persuasively through code. -- see shy jo, channelling aj [1] Less easy in my experience when one has more than one active key (N) and is signing others with more than one key (M), that each have more than one email address (E), as the number of questions caff asks scales badly, O(N * M * E). It should be possible to reduce that to O(N * M + E), or just O(M + E) or, ideally, to just one single question. [2] Such as eg, madduck's mention of keyserver-no-modify.
Attachment:
signature.asc
Description: Digital signature