Re: OT: More about GPG signing
-----BEGIN PGP SIGNED MESSAGE-----
On 11/05/12 07:45, Jon Dowland wrote:
> On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote:
>> So, the OP signs his mail to a list. I would guess that no web of
>> trust exists between him and 99.9% of the list members.
>> What is the benefit of such a signature?
> I don't know Phil Dobbin, I haven't ever met him and I probably
> never will. Phil Dobbin exists to me only as a participant on this
> mailing list. He signs his mail. Over time, my mental model of Phil
> Dobbin will be composed entirely and exclusively based on his
> conduct on this mailing list. If I ever did meet him, I might be
> able to prove that the owner of key A093C263 is legally called Phil
> Dobbin in some juristiction or other. What exactly have I gained?
> This knowledge means nothing to me. I know many people who are not
> called by their legal name anyway. The fact that A093C263 calls
> himself "Phil Dobbin" is something I don't need to verify.
> In this particular case, the web of trust is not as relevant, since
> I don't need it to prove that one mail signed by A093C263 was
> written by the same person as another mail signed by A093C263.
> [ having said that, it would be nice if things like
worked. Phil, why not push your key and sigs to pgp.mit.edu? ]
Done. & the Dutch pgp authority now hold a copy also.
Now, can we all get back to work please? Four days is a long time to
discuss a subject that's been around to my knowledge for fifteen years :-)
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----