On Thu, Feb 15, 2007 at 09:02:28AM -0700, Joshua Zeidner wrote:
> On 2/15/07, Darrin Chandler <dwchandler@stilyagin.com> wrote:
> > FYI, those of you who sign every message and don't have your key on a
> > keyserver aren't accomplishing anything for the likes of us on this
> > list. Nobody has the slightest way of telling if it's really you with
> > any level of confidence.
>
> they don't right now, but if the sender wants to verify they can at
> any point... jmz
How so? I suppose it's possible with a lot of work on the recipient's
end, like tracking down emails from the past and comparing the signing
key over time. That's a PITA. Or getting face time or phone time. Also
something of a PITA.
OTOH, Alan Dayley put his key on a key server, and gpg nicely pulls it
down and shows me what it found. The name and email matches, and I
really believe it's Alan. So I signed his key on my keyring. I could
have been duped, but I'm happy with the odds in this case. But now if
someone pretends to be Alan and signs it with a bogus key I will know
immediately.
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler@stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/ |
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)