Key Discovery Made Simple
Ingo Klöcker
kloecker at kde.org
Thu Sep 8 15:24:49 CEST 2016
On Wednesday 07 September 2016 22:20:42 Christopher Beck wrote:
> Hi,
>
> just a (maybe) stupid question: the matching key to my recipient can be
> fetched by keyservers and i determine the korrect key of all of the
> (sometimes "wrong" keys") by vaidating the signatures according to the WoT.
> So, what's the benefit of this new key service? It sounds much more
> complicated (and un- trusworthy) than just using the WoT.
The WoT won't help you if the key isn't part of the WoT. That's the whole
point of the new tofu trust model and the EasyGPG project. This new key
service complements the tofu trust model in that it (kind of) guarantees that
the email address/user id on the key is legitimate (provided the provider of
the key service is trustworthy).
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160908/566b4b4f/attachment.sig>
More information about the Gnupg-users
mailing list