[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: More about GPG signing

Hash: SHA1

On 11/05/12 07:45, Jon Dowland wrote:

> On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote:
>> So, the OP signs his mail to a list. I would guess that no web of
>> trust exists between him and 99.9% of the list members.
>> What is the benefit of such a signature?
> I don't know Phil Dobbin, I haven't ever met him and I probably
> never will. Phil Dobbin exists to me only as a participant on this
> mailing list. He signs his mail. Over time, my mental model of Phil
> Dobbin will be composed entirely and exclusively based on his
> conduct on this mailing list. If I ever did meet him, I might be
> able to prove that the owner of key A093C263 is legally called Phil
> Dobbin in some juristiction or other.  What exactly have I gained?
> This knowledge means nothing to me. I know many people who are not
> called by their legal name anyway.  The fact that A093C263 calls
> himself "Phil Dobbin" is something I don't need to verify.
> In this particular case, the web of trust is not as relevant, since
> I don't need it to prove that one mail signed by A093C263 was
> written by the same person as another mail signed by A093C263.
> [ having said that, it would be nice if things like 
> http://pgp.cs.uu.nl/mk_path.cgi?FROM=06AAAAAA&TO=A093C263&PATHS=trust+paths
worked. Phil, why not push your key and sigs to pgp.mit.edu? ]

Done. & the Dutch pgp authority now hold a copy also.

Now, can we all get back to work please? Four days is a long time to
discuss a subject that's been around to my knowledge for fifteen years :-)



- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric

Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Reply to: