On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote: > On 10/05/12 17:16, Brad Rogers wrote: > > On Thu, 10 May 2012 17:59:34 +0200 > > Ralf Mardorf <[email protected]> wrote: > > > > Hello Ralf, > > > >> This resulted in "Valid signature, but cannot verify sender (Phil > >> Dobbin <[email protected]>)": > > > > Because there's no web of trust involving people that both you and the > > keyholder know. > > > So, the OP signs his mail to a list. I would guess that no web of trust > exists between him and 99.9% of the list members. > > What is the benefit of such a signature? > It establishes identity the identity associated with the signature. If Ralf had been signing his emails for the last 2 years, I would feel confident that I have a valid public key for "Ralf, the guy on the debian-user mailing list, who often answers questions about audio". Of course I don't know if he's "Ralf with black hair", or "Ralf who lives on Main St.", but for my purposes this is good enough.
If I someday want to send an encrypted message to the Ralf that I know (debian-user Ralf), I can do it. For me, knowing Ralf's personal identity is not as important as knowing his online identity because our relationship is online. As long as I don't forget that, then seeing his signature in emails is a potential benefit to me. -Rob -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
