PGP/MIME considered harmful for mobile

David Shaw dshaw at jabberwocky.com
Mon Feb 28 18:10:57 CET 2011


On Feb 28, 2011, at 12:01 PM, Robert J. Hansen wrote:

> On 2/28/11 9:12 AM, David Shaw wrote:
>> In this particular case, though, key signatures aren't even necessary
>> - RM just needs to prove that he is the same entity that signed the
>> other messages to the list.  That is, he's "real" in the sense that
>> he is the Martin that the list knows and has been conversing with.
> 
> That depends a lot on what those prior conversations are.  If I've built
> up trust in RM because I think he's been up-front and candid, and FM
> comes along and presents a credible threat to RM's identity, then yes, I
> have to revisit my trust decision in RM: I can no longer be confident
> he's been up-front and candid.

Well, I suppose that's up to you whether you want to trust RM or not.  A question on trustworthiness is outside crypto, and not what the discussion was about here in any event.

David




More information about the Gnupg-users mailing list