basic identity mgmt

Andrew Gallagher andrewg at
Sun Jan 17 04:06:36 CET 2016

> On 17 Jan 2016, at 02:19, Doug Barton <dougb at> wrote:.
> OTOH, PGP is designed primarily to establish trust relationships between people, with human review of the results an integral part of the process.

That may have been the initial motivation. But consider that the most common real world use of PGP today is verification of code signatures - many of which are generated semi-automatically by build infrastructures such as Debian and verified by install tools. The trust relationship here is between your client and a build server, not people.

> Glossing over authentication (because there's no real use case for those keys yet), 

Two factor ssh smart card auth? I use it nearly every day - much more often than encrypted mail. I don't think anyone has sent me an encrypted mail in over a year, and the last one was about signing a PGP key. ;-)


More information about the Gnupg-users mailing list