Re: OT: More about GPG signing

To: debian-user@lists.debian.org
Subject: Re: OT: More about GPG signing
From: Phil Dobbin <bukowskiscat@gmail.com>
Date: Fri, 11 May 2012 09:41:50 +0100
Message-id: <[🔎] 4FACD0CE.5070909@gmail.com>
Reply-to: bukowskiscat@gmail.com
In-reply-to: <[🔎] 20120511064520.GD14319@debian>
References: <[🔎] 4FABE2B6.6020004@gmail.com> <[🔎] 1336664952.4735.10.camel@precise> <[🔎] 20120510155511.GI23173@codelibre.net> <[🔎] 1336665574.5057.2.camel@precise> <[🔎] 20120510171646.17a32d79@abydos.stargate.org.uk> <[🔎] 4FABED99.50807@vanderhoff.org> <[🔎] 20120511064520.GD14319@debian>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/05/12 07:45, Jon Dowland wrote:

> On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote:
>> So, the OP signs his mail to a list. I would guess that no web of
>> trust exists between him and 99.9% of the list members.
>> 
>> What is the benefit of such a signature?
> 
> I don't know Phil Dobbin, I haven't ever met him and I probably
> never will. Phil Dobbin exists to me only as a participant on this
> mailing list. He signs his mail. Over time, my mental model of Phil
> Dobbin will be composed entirely and exclusively based on his
> conduct on this mailing list. If I ever did meet him, I might be
> able to prove that the owner of key A093C263 is legally called Phil
> Dobbin in some juristiction or other.  What exactly have I gained?
> This knowledge means nothing to me. I know many people who are not
> called by their legal name anyway.  The fact that A093C263 calls
> himself "Phil Dobbin" is something I don't need to verify.
> 
> In this particular case, the web of trust is not as relevant, since
> I don't need it to prove that one mail signed by A093C263 was
> written by the same person as another mail signed by A093C263.
> 
> [ having said that, it would be nice if things like 
> http://pgp.cs.uu.nl/mk_path.cgi?FROM=06AAAAAA&TO=A093C263&PATHS=trust+paths
>
> 
worked. Phil, why not push your key and sigs to pgp.mit.edu? ]

Done. & the Dutch pgp authority now hold a copy also.

Now, can we all get back to work please? Four days is a long time to
discuss a subject that's been around to my knowledge for fifteen years :-)

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPrNDNAAoJECPmYW6gk8JjOxsH/0NsJ5Tgs0moske2gEFSijGv
/oZyQ161dRqhNTF20Qsd8mtr05NriXira6avBREtlA1g0Nr1JU88DqgFveRaylYX
f0nG6mkFZazSIqWCkKnEj+olqJLoHD54x/zMPbkZHtz+4dbNx9DQljbTV7xLNpCN
F+9lF7rX/cjq89fzeTiNbBmblmPRO2PRr8EEHComY2btKy+mggVyTCkk5rXTkjlb
hZIJ7A2n/4NerP0C5Lx96Ab6OP9f/mky5Fefkb9JlaG08V0y3bTZweZFEXPwfO8j
xJUCT853g+qPTSWchZtZErb34fLRWT25xF/qpPP5mQAukbk3ybF86ZQ5Wt9TciI=
=uqL4
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: OT: More about GPG signing
  - From: Phil Dobbin <bukowskiscat@gmail.com>
- Re: OT: More about GPG signing
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: OT: More about GPG signing
  - From: Roger Leigh <rleigh@codelibre.net>
- Re: OT: More about GPG signing
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: OT: More about GPG signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: OT: More about GPG signing
  - From: Tony van der Hoff <tony@vanderhoff.org>
- Re: OT: More about GPG signing
  - From: Jon Dowland <jmtd@debian.org>

Prev by Date: Re: putting audio files onto a DVD
Next by Date: Re: putting audio files onto a DVD
Previous by thread: Re: OT: More about GPG signing
Next by thread: Re: OT: More about GPG signing
Index(es):
- Date
- Thread