Slightly OT - i need the proper wording for a signed document

Stefan Claas stefan.claas at posteo.de
Thu Nov 1 20:45:17 CET 2018


On Thu, 1 Nov 2018 20:14:19 +0100, Wiktor Kwapisiewicz wrote:
> On 01.11.2018 11:19, stefan.claas at posteo.de wrote:
> > And this is the problem i have since 1994/95... For me signatures
> > made with PGP / GnuPG have no weight, for several reasons, except
> > those made from Governikus and maybe CT Magazine signed keys.  
> 
> I, for one, like the OpenPGP's approach of "choose your own trust
> model". Someone will trust Governikus, someone will trust random
> internet people, someone will marginally trust them or a selected set
> of people they think are trustworthy. (By the way too bad that
> Governikus doesn't add Policy URLs to their signatures [0], it would
> be easier to read about their procedures for people that don't know
> them).

Well, i like GnuPG too because you can use and run it on an
off-line computer for example. But, like i said the signatures, in all
the years i have used GnuPG, have no weight for me except for
cryptographically securing documents content or files from tampering,
from people which i personally don't know, when it comes to the
classical WoT.

I think it is also very sad, that after all the years, afaik only
Governikus offers such a service. I am not aware of any other CA in
in the world which work the same.
 
> Of course, this comes at the expense of user friendliness but there
> are already easier trust alternatives in GnuPG (e.g. TOFU).

Yes, in CLI mode, when using not a MUA, i use TOFU too and think it
is a very nice addition.

Regards
Stefan
 

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



More information about the Gnupg-users mailing list