On 08.10.2012 17:43, Marvin Humphrey wrote: > On Mon, Oct 8, 2012 at 7:36 AM, Branko Čibej <br...@apache.org> wrote: >> What guarantee do you have that a particular Skype ID is whoever you >> think it is? None at all, unless the person involved looked at your >> Skype contact list and said, yeah, that's me. Likewise for Google >> Hangout. As long as they're doing that, they might as well verify the >> signature fingerprint in your PGP keyring. >> >> In this respect e-mail is just as secure, so why don't we all just sign >> keys because someone claiming to be from from Chad sent us a mail asking >> us for a signature? >> >> Really. > Is it your position that this excerpt from the GnuPG docs is wrong? > > This may be done in person or over the phone or through any other > means as long as you can guarantee that you are communicating with > the key's true owner.
It says clearly, "as long as you can guarantee that you are communicating with the key's true owner." Which was exactly my point. -- Brane --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org