Mutt/GnuPG doc initial release

Alexander Skwar ASkwar@DigitalProjects.com
Tue Sep 25 12:29:01 2001 

So sprach =BBDavid K. Trudgett=AB am 2001-09-25 um 15:30:21 +1000 :

> This is not strictly true. Let me point out why, because it is a point

> that is often overlooked, although someone else on this list did bring

> it up just recently.


Hmm, well, to be honest, I did not think about it this way.  Well, it
sounds logical for me, when you say that a signed mail makes you believe
in it more.

Let's take Werner as an example again.  I (and I suppose the vast
majority of people here and on the net) don't know him personally.  All
we know is that there's a person (? well, we suppose so *G*) writing a
program called GnuPG and that this person signs the source files of this
program with the name "Werner Koch".  Now, do we know that there
actually is a "Werner Koch"?  No, we don't.  And thinking about it - I
could care less if there's a real-life person called "Werner Koch".  I
know that there's a net person who likes to call himself that way, and
that's sufficient.

Wrt. to the signed source files, it is sufficient because there's a
large number of files signed with the same key.

But this level of sufficiency (let's call it "trust") is not always good
enough.  In an ideal world, GnuPG/PGP signatures would be legal binding.
For this to happen though, this marginal trust isn#t good enough.  If
he'd buy something from me and sign his order with his GnuPG key, I'd
demand better/higher trust.  You get the idea.

Well,=20

a) sorry for the long mail, but now I do understand you
b) uhm, I forgot what I wanted to say as "b)" *G*


> people's experience. If it were ever to become the case that these

> things became much more common, then I would suggest your opinion would

> quickly change.


Well, please leave it up to me how I behave/think.  Thanks :)  Anyhow, I
suppose you're right, though.

Alexander Skwar
--=20
How to quote:	http://learn.to/quote (german) http://quote.6x.to (english)
Homepage:	http://www.digitalprojects.com   |   http://www.iso-top.de
   iso-top.de - Die g=FCnstige Art an Linux Distributionen zu kommen
		Uptime: 2 days 0 hours 34 minutes