gmail smime, sends two messages one is not encrypted. Experience?
sac at 300baud.de
Sat Dec 7 21:51:34 CET 2019
Juergen BRUCKNER wrote:
> Hi Stefan
> Thats not the approach PGP pursues.
> PGP was, is and should continue to be decentralized in the future. It
> was never really intended to validate identities in a wide circle, but
> to secure communication, and - im parts - to ensure the integrity of
Well, the integrity of software can also be shown with a simple hash
value posted, because I can not verify if the sig belongs to person
xyz, even when he / she has a lot of fan sigs from people unknown to
So, why then all this sigs stuff, Mr Zimmermann invented, while no
other public key crypto software has such functionallity?
> The so-called WOT has proven to me in the field of PGP and does not
> really need central instances
Why do you or other people think it is central, when we would
have many CAs in place, each one not connected to the other one?
And even if it would be run by one CA people don't trust, they could
trust the CA sig, if the signing procedure would be correct.
I for example do not trust third party sigs from regular users,
because I have withnessed that also people sign other peoples
keys out of the blue, while never ever contacting the person who
owns the key ...
> Am 07.12.19 um 21:11 schrieb Stefan Claas:
> > Yes, but the is not an OpenPGP 'fault' IHMO, it is caused by users and
> > the OpenPGP community in general, not accepting CAs and still relying
> > on the classical WoT.
> > Maybe we should ask ourselves why we not have more (free) CAs for
> > the OpenPGP ecosystem (wish we had more like Governikus ...)
certified OpenPGP key blocks available on keybase.io/stefan_claas
More information about the Gnupg-users