gpg experts?
Darrin Chandler
dwchandler at stilyagin.com
Thu Feb 15 09:31:11 MST 2007
On Thu, Feb 15, 2007 at 09:02:28AM -0700, Joshua Zeidner wrote:
> On 2/15/07, Darrin Chandler <dwchandler at stilyagin.com> wrote:
> > FYI, those of you who sign every message and don't have your key on a
> > keyserver aren't accomplishing anything for the likes of us on this
> > list. Nobody has the slightest way of telling if it's really you with
> > any level of confidence.
>
> they don't right now, but if the sender wants to verify they can at
> any point... jmz
How so? I suppose it's possible with a lot of work on the recipient's
end, like tracking down emails from the past and comparing the signing
key over time. That's a PITA. Or getting face time or phone time. Also
something of a PITA.
OTOH, Alan Dayley put his key on a key server, and gpg nicely pulls it
down and shows me what it found. The name and email matches, and I
really believe it's Alan. So I signed his key on my keyring. I could
have been duped, but I'm happy with the odds in this case. But now if
someone pretends to be Alan and signs it with a bogus key I will know
immediately.
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler at stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/ |
More information about the PLUG-discuss
mailing list