trusting public keys
Trevor Smith
trevor at haligonian.com
Sun Sep 19 07:42:38 UTC 2004
On September 19, 2004 1:02 am, Jeff Lee wrote:
> Would it be a safe bet for me to go ahead and mark people that I recieve
> email from on this list as trusted with gnupg? I realize that I shouldn't
It seems to me that this is the only sensible way to act. Since few of us will
ever meet, the *only* persona that we will ever want to verify is the one we
see on this list. So if a person self-identifies with a gpg key, then that
can be that person's signature from then on and that's all we really need to
know, isn't it? (That we're speaking to the same person 2 weeks from now that
we were speaking to today.)
Of course, no one should relate any real-world identity to an unverified
electronic identity, just because someone generates a gpg key, but I doubt
anyone is foolish enough to do that.
--
Trevor Smith // trevor at haligonian.com
More information about the users
mailing list