Robot CA at

Adrian 'Dagurashibanipal' von Bidder
Mon Dec 9 09:35:01 2002

On Mon, 2002-12-09 at 01:01, David Shaw wrote:
 [ 0x11 persona sigs ]

> Don't forget PGP.  You're making signatures that act incorrectly for
> exactly 100% of the user base of OpenPGP.  Are you sure you want to do
> that?

Nice as it is, I think the web of trust idea is much overrated. It works
for verifying signatures in everyday use, like on mailing lists. But
when real secrecy is in question, in most cases
 - people either have met in person and therefore could exchange keys
 - or people are within a relatively closed group (say, Debian
   developers who have to mail around account data), so manual
   verification of a trust path is easy enough.

I doubt the global web of trust is used much for more than a casual
verification. So, for me, e-mail robotCA has its justification as well
as 0x11 signatures (which hopefully people *do* notice as soon as they
become careful about trust), and I wouldn't call this 'polluting' the
web of trust.

-- vbi

this email is protected by a digital signature:

NOTE: keyserver bugs! get my key here:
