PGP/MIME considered harmful for mobile

Robert J. Hansen rjh at
Mon Feb 28 04:05:13 CET 2011

> I'm not at all surprised that you had those results.  A limited subset of people have support for OpenPGP signatures.  A limited subset of those people actually verify signatures.  A limited subset of those people actually pay attention to what those signatures say.

Yes: but one would hope that on PGP-Basics those "limited subsets" would be present in significant numbers, much as on GnuPG-Users.

> It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin!  I'm the real Martin, and I can prove it by signing this message with the same key I've used all along....").  If the real Martin waited for someone else to notice, well, he may end up waiting for a long time.

I'm not sure this is reasonable.  If the real Martin doesn't care about what I'm saying, what motive does he have to check the signatures on my messages?

More information about the Gnupg-users mailing list