Mutt/GnuPG doc initial release

Alexander Skwar
Tue Sep 25 12:29:01 2001

Thus spoke »David K. Trudgett« on 2001-09-25 at 15:30:21 +1000:

> This is not strictly true. Let me point out why, because it is a point
> that is often overlooked, although someone else on this list did bring
> it up just recently.

Hmm, well, to be honest, I did not think about it this way. Well, it sounds logical to me, when you say that a signed mail makes you believe in it more.

Let's take Werner as an example again. I (and I suppose the vast majority of people here and on the net) don't know him personally. All we know is that there's a person (? well, we suppose so *G*) writing a program called GnuPG and that this person signs the source files of this program with the name "Werner Koch". Now, do we know that there actually is a "Werner Koch"? No, we don't. And thinking about it - I could care less if there's a real-life person called "Werner Koch". I know that there's a net person who likes to call himself that way, and that's sufficient. Wrt. to the signed source files, it is sufficient because there's a large number of files signed with the same key.

But this level of sufficiency (let's call it "trust") is not always good enough. In an ideal world, GnuPG/PGP signatures would be legally binding. For this to happen though, this marginal trust isn't good enough. If he'd buy something from me and sign his order with his GnuPG key, I'd demand better/higher trust. You get the idea.

Well,

a) sorry for the long mail, but now I do understand you
b) uhm, I forgot what I wanted to say as "b)" *G*

> people's experience. If it were ever to become the case that these
> things became much more common, then I would suggest your opinion would
> quickly change.

Well, please leave it up to me how I behave/think. Thanks :) Anyhow, I suppose you're right, though.

Alexander Skwar