mirimir at riseup.net
Thu Sep 1 08:34:58 CEST 2016
On 09/01/2016 12:02 AM, Werner Koch wrote:
> On Thu, 1 Sep 2016 02:55, mirimir at riseup.net said:
>> verification of meatspace identity is a benefit, no? There's no
>> privacy in attending a key signing party, is there?
> I have long stopped to consider key signing parties a useful thing.
> The WoT is helpful but is independent of such events. The better
> way of providing assurance to always talk to the same key is TOFU.
Ensuring that you keep talking to the same key is pretty easy. The
hard thing is knowing what key is correct for someone who's defined
only by an online presence. Where you have no WoT overlap. Comparing
public keys from multiple sources is workable, but tedious. Very cool
would be a tool to automate that, protect the keyring from corruption,
and remove any cruft. Maybe TOFU could do that?
More information about the Gnupg-users