email verification as casual checking?

Steve Jones steve at
Thu Aug 28 14:18:55 CEST 2014

On Thu, 28 Aug 2014 13:12:30 +0200
Philip Jackson <philip.jackson at> wrote:

> Whether or not I want to send secrets to a person depends on lots of
> things.  I think at present that I would be unlikely to send any
> important secret by email. I cannot imagine my confidence levels on
> the person's identity or trustworthiness being enhanced at all by a
> keyserver process alone.  Not even if the keyserver were linked to a
> lie detector :-)

The process described isn't about validating the person, it's about
validating the key against an email address. If you're going to email
the person anyway you might as well have some confidence that you're
using the right key.

Steve Jones <steve at>
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: </pipermail/attachments/20140828/192e17e2/attachment-0001.sig>

More information about the Gnupg-users mailing list