[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: More about GPG signing

On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote:
> On 10/05/12 17:16, Brad Rogers wrote:
> > On Thu, 10 May 2012 17:59:34 +0200
> > Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
> > 
> > Hello Ralf,
> > 
> >> This resulted in "Valid signature, but cannot verify sender (Phil
> >> Dobbin <bukowskiscat@gmail.com>)":
> > 
> > Because there's no web of trust involving people that both you and the
> > keyholder know.
> > 
> So, the OP signs his mail to a list. I would guess that no web of trust
> exists between him and 99.9% of the list members.
> What is the benefit of such a signature?
It establishes identity the identity associated with the signature.  If
Ralf had been signing his emails for the last 2 years, I would feel
confident that I have a valid public key for "Ralf, the guy on the
debian-user mailing list, who often answers questions about audio".  Of
course I don't know if he's "Ralf with black hair", or "Ralf who lives
on Main St.", but for my purposes this is good enough.

If I someday want to send an encrypted message to the Ralf that I know
(debian-user Ralf), I can do it.  For me, knowing Ralf's personal
identity is not as important as knowing his online identity because our
relationship is online.  As long as I don't forget that, then seeing his
signature in emails is a potential benefit to me.


Reply to: