PGP/MIME considered harmful for mobile

Aaron Toponce aaron.toponce at
Mon Feb 28 14:18:24 CET 2011

On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
> FM: [message]
> RM: Hey, that's not me!  I'm me.  See?  I've signed this with the same cert I've used for everything else on this list.
> FM: No, I'm the real Martin.  I didn't sign up for this mailing list until last week.  You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
> RM: But I'm the real Martin!  I've been posting here for months!
> FM: Prove it.  You can't!  Therefore, I'm the real Martin.
> RM: But you can't prove it either!

If RM has a substantial amount of signatures on his public key, and FM
doesn't, nor does he sign his mail, I'll be more likely to believe that
RM is the real deal. Isn't that the whole point of the Web of Trust, or
am I missing something here?

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110228/255ff1ed/attachment.pgp>

More information about the Gnupg-users mailing list