PGP/MIME considered harmful for mobile

Robert J. Hansen rjh at
Mon Feb 28 18:01:03 CET 2011

On 2/28/11 9:12 AM, David Shaw wrote:
> In this particular case, though, key signatures aren't even necessary
> - RM just needs to prove that he is the same entity that signed the
> other messages to the list.  That is, he's "real" in the sense that
> he is the Martin that the list knows and has been conversing with.

That depends a lot on what those prior conversations are.  If I've built
up trust in RM because I think he's been up-front and candid, and FM
comes along and presents a credible threat to RM's identity, then yes, I
have to revisit my trust decision in RM: I can no longer be confident
he's been up-front and candid.

More information about the Gnupg-users mailing list