Mutt/GnuPG doc initial release
Alexander Skwar
ASkwar@DigitalProjects.com
Tue Sep 25 12:29:01 2001
So sprach =BBDavid K. Trudgett=AB am 2001-09-25 um 15:30:21 +1000 :
> This is not strictly true. Let me point out why, because it is a point
> that is often overlooked, although someone else on this list did bring
> it up just recently.
Hmm, well, to be honest, I did not think about it this way. Well, it
sounds logical for me, when you say that a signed mail makes you believe
in it more.
Let's take Werner as an example again. I (and I suppose the vast
majority of people here and on the net) don't know him personally. All
we know is that there's a person (? well, we suppose so *G*) writing a
program called GnuPG and that this person signs the source files of this
program with the name "Werner Koch". Now, do we know that there
actually is a "Werner Koch"? No, we don't. And thinking about it - I
could care less if there's a real-life person called "Werner Koch". I
know that there's a net person who likes to call himself that way, and
that's sufficient.
Wrt. to the signed source files, it is sufficient because there's a
large number of files signed with the same key.
But this level of sufficiency (let's call it "trust") is not always good
enough. In an ideal world, GnuPG/PGP signatures would be legal binding.
For this to happen though, this marginal trust isn#t good enough. If
he'd buy something from me and sign his order with his GnuPG key, I'd
demand better/higher trust. You get the idea.
Well,=20
a) sorry for the long mail, but now I do understand you
b) uhm, I forgot what I wanted to say as "b)" *G*
> people's experience. If it were ever to become the case that these
> things became much more common, then I would suggest your opinion would
> quickly change.
Well, please leave it up to me how I behave/think. Thanks :) Anyhow, I
suppose you're right, though.
Alexander Skwar
--=20
How to quote: http://learn.to/quote (german) http://quote.6x.to (english)
Homepage: http://www.digitalprojects.com | http://www.iso-top.de
iso-top.de - Die g=FCnstige Art an Linux Distributionen zu kommen
Uptime: 2 days 0 hours 34 minutes