Web of Trust itself is the problem

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 7 18:02:45 CET 2010

On 01/07/2010 11:50 AM, Alex Mauer wrote:
> Many people have correspondence with people they never have and never
> will meet in person, and knowing that it’s always the same person is
> still helpful.

agreed, key continuity checking is itself a useful tool, and maybe more
OpenPGP implementations should provide ways to facilitate that for keys
that *aren't* well-bound to the Web of Trust by the user's current trust

Key continuity checking doesn't solve the problem of initial contact,
though.  And it doesn't cope well with re-keying in the event of a
compromise.  So having functional, cryptographically-valid
infrastructure available to handle those important cases is a good thing.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100107/c8544450/attachment.pgp>

More information about the Gnupg-users mailing list