PGP/MIME considered harmful for mobile
dshaw at jabberwocky.com
Mon Feb 28 18:10:57 CET 2011
On Feb 28, 2011, at 12:01 PM, Robert J. Hansen wrote:
> On 2/28/11 9:12 AM, David Shaw wrote:
>> In this particular case, though, key signatures aren't even necessary
>> - RM just needs to prove that he is the same entity that signed the
>> other messages to the list. That is, he's "real" in the sense that
>> he is the Martin that the list knows and has been conversing with.
> That depends a lot on what those prior conversations are. If I've built
> up trust in RM because I think he's been up-front and candid, and FM
> comes along and presents a credible threat to RM's identity, then yes, I
> have to revisit my trust decision in RM: I can no longer be confident
> he's been up-front and candid.
Well, I suppose that's up to you whether you want to trust RM or not. A question on trustworthiness is outside crypto, and not what the discussion was about here in any event.
More information about the Gnupg-users