Re: OT: More about GPG signing
On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote:
> So, the OP signs his mail to a list. I would guess that no web of trust
> exists between him and 99.9% of the list members.
>
> What is the benefit of such a signature?
I don't know Phil Dobbin, I haven't ever met him and I probably never will.
Phil Dobbin exists to me only as a participant on this mailing list. He signs
his mail. Over time, my mental model of Phil Dobbin will be composed entirely
and exclusively based on his conduct on this mailing list. If I ever did meet
him, I might be able to prove that the owner of key A093C263 is legally called
Phil Dobbin in some juristiction or other. What exactly have I gained? This
knowledge means nothing to me. I know many people who are not called by their
legal name anyway. The fact that A093C263 calls himself "Phil Dobbin" is
something I don't need to verify.
In this particular case, the web of trust is not as relevant, since I don't
need it to prove that one mail signed by A093C263 was written by the same
person as another mail signed by A093C263.
[ having said that, it would be nice if things like
http://pgp.cs.uu.nl/mk_path.cgi?FROM=06AAAAAA&TO=A093C263&PATHS=trust+paths
worked. Phil, why not push your key and sigs to pgp.mit.edu? ]
Reply to: