How to get your first key signed

Robert J. Hansen rjh at sixdemonbag.org
Thu Oct 1 22:01:19 CEST 2015


> Don't all decent e-mail clients automagically check if a signature is
> legit and matches the known public key?

Probably not "all", but a lot, yes.

The problem comes from the fact that you can't force a user to pay attention to a
warning.  Some years ago a friend of mine, Peter Likarish, invented a
browser plugin that would detect phishing sites.  When you hit a
suspected phishing site it would display a big red banner across the top
of the screen.  In controlled usability trials (he was a university
researcher), not a single person noticed the big red banner across the
top of the screen.  In exit interviews those who did notice it said they
assumed it was a banner ad and they just ignored it.

Users have become so accustomed to advertisements trying to attract
their attention that it's actually become difficult for apps to warn
people of real dangers.  This is a real concern in the usability field.
It's a hard problem.
