MUA "automatically signs keys"?
MFPA
2014-667rhzu3dc-lists-groups at riseup.net
Thu Jan 30 22:09:45 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Thursday 30 January 2014 at 12:58:44 AM, in
<mid:20140130005844.1f0f5b54 at steves-laptop>, Steve Jones wrote:
> The advantage you have here though is the web of trust.
> 1 level 1 signature would probably be not enough, but
> 5, 10, 100..?
If the signatures are made automatically be email software without
verifying identity, where is the web of trust? Lots of such signatures
would tie the key to the email address but not to a person. Email
addresses, just like phone numbers, may be re-used by a different
person today to who used them last year.
> There comes a point where you have to
> decide that a certain level of security is good enough.
That is one of the points of the oft-repeated mantra "It depends on
your threat model."
- --
Best regards
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Great minds discuss ideas;
Average minds discuss events;
Small minds discuss people.
-----BEGIN PGP SIGNATURE-----
iPQEAQEKAF4FAlLqv59XFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pT/8EAI9tSZ3POJC+LVqut0YRQFslGcxTZlROLJUb
QLfAwUTb2u0o9sla57Seqpxcop8BV9ypbTS4raPMEOjrL0t/fz5kWb6I9sNguaxf
szfcOq2KLwh/KzgaWKJrDEiTPxcQk1skevohts7137E+fGk7I/aBiMqX0AJTvW+8
I56nkmBm
=JI5Y
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list