PGP/MIME considered harmful for mobile
Robert J. Hansen
rjh at sixdemonbag.org
Mon Feb 28 18:01:03 CET 2011
On 2/28/11 9:12 AM, David Shaw wrote:
> In this particular case, though, key signatures aren't even necessary
> - RM just needs to prove that he is the same entity that signed the
> other messages to the list. That is, he's "real" in the sense that
> he is the Martin that the list knows and has been conversing with.
That depends a lot on what those prior conversations are. If I've built
up trust in RM because I think he's been up-front and candid, and FM
comes along and presents a credible threat to RM's identity, then yes, I
have to revisit my trust decision in RM: I can no longer be confident
he's been up-front and candid.