gpg experts?

Darrin Chandler dwchandler at stilyagin.com
Thu Feb 15 09:31:11 MST 2007


On Thu, Feb 15, 2007 at 09:02:28AM -0700, Joshua Zeidner wrote:
> On 2/15/07, Darrin Chandler <dwchandler at stilyagin.com> wrote:
> > FYI, those of you who sign every message and don't have your key on a
> > keyserver aren't accomplishing anything for the likes of us on this
> > list. Nobody has the slightest way of telling if it's really you with
> > any level of confidence.
> 
>   they don't right now, but if the sender wants to verify they can at
> any point... jmz

How so? I suppose it's possible with a lot of work on the recipient's
end, like tracking down emails from the past and comparing the signing
key over time. That's a PITA. Or getting face time or phone time. Also
something of a PITA.

OTOH, Alan Dayley put his key on a key server, and gpg nicely pulls it
down and shows me what it found. The name and email match, and I
really believe it's Alan. So I signed his key on my keyring. I could
have been duped, but I'm happy with the odds in this case. But now if
someone pretends to be Alan and signs it with a bogus key I will know
immediately.

-- 
Darrin Chandler                   |  Phoenix BSD Users Group
dwchandler at stilyagin.com          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |
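
The three situations in the message above (a signer whose key cannot be fetched, a signer whose key has been certified locally, and someone signing under the same name with a different key) can be told apart from the status lines gpg writes with `--status-fd`. The following is an added example, not part of the original post: the addresses, fingerprints, status lines and the `PINNED` table are constructed, and `classify` is a hypothetical helper.

```python
# Added example: classify `gpg --status-fd 1 --verify` output for one message.
# Every status line, address and fingerprint here is a constructed sample.
FPR_A, FPR_B = "A" * 40, "B" * 40
PINNED = {"alan@example.org": FPR_A}  # primary-key fingerprint you certified

ALAN_OK = f"""[GNUPG:] GOODSIG {FPR_A[-16:]} Alan Example <alan@example.org>
[GNUPG:] VALIDSIG {FPR_A} 2007-02-15 1171555871 0 3 0 17 2 00 {FPR_A}
[GNUPG:] TRUST_FULLY"""
IMPOSTOR = f"""[GNUPG:] GOODSIG {FPR_B[-16:]} Alan Example <alan@example.org>
[GNUPG:] VALIDSIG {FPR_B} 2007-02-15 1171555871 0 3 0 17 2 00 {FPR_B}
[GNUPG:] TRUST_UNDEFINED"""
NO_KEY = """[GNUPG:] ERRSIG CCCCCCCCCCCCCCCC 17 2 00 1171555871 9
[GNUPG:] NO_PUBKEY CCCCCCCCCCCCCCCC"""

def classify(status_text, sender, pinned=PINNED):
    """Return a verdict for one message's gpg status output."""
    good, no_key, fpr, trust = False, False, None, None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        tag, args = fields[0], fields[1:]
        if tag == "BADSIG":
            return "bad-signature"          # signature does not match the text
        if tag == "NO_PUBKEY":
            no_key = True                   # signer's key is not on our keyring
        elif tag == "GOODSIG":
            good = True
        elif tag == "VALIDSIG" and args:
            # tenth field is the primary-key fingerprint when present
            fpr = args[9] if len(args) >= 10 else args[0]
        elif tag.startswith("TRUST_"):
            trust = tag
    if no_key:
        return "unverifiable-no-key"
    if not good or fpr is None:
        return "unverifiable"
    expected = pinned.get(sender)
    if expected is not None and fpr != expected:
        return "key-mismatch"               # signed as sender, but another key
    if expected == fpr and trust in ("TRUST_FULLY", "TRUST_ULTIMATE"):
        return "verified"
    return "good-but-untrusted-key"

if __name__ == "__main__":
    for name, text in (("ok", ALAN_OK), ("impostor", IMPOSTOR), ("no key", NO_KEY)):
        print(name, "->", classify(text, "alan@example.org"))
```
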

