* Ailbhe Leamy [EMAIL PROTECTED] wrote:
On (14/09/01 15:00), David T-G wrote:
...and then Ailbhe Leamy said...
% On (14/09/01 09:41), David T-G wrote:
[attribs snipped, because it's basically a David-Ailbhe-David
discussion so far]
snip
% Yes, but _why_?
Why use PGP/GPG? Because it should be mainstream and available
to all, it should be easy to use and familiar to all, and private
communication should be both available and commonplace rather than
challenging and noteworthy.
OK, all of this I understand. I completely fail to understand why it
should apply to public communication, as distinct from private
communication.
Might it be to establish precedent? I sign my mailinglist submissions
and my key winds up on the keyring of those that set up mutt to do the
right thing. Now that does not create a WoT, but if I meet any of you
face to face and we exchange keys you will have my key already making
it easy(er) to verify that the key you received IRL is the real thing.
snip
All of these are good reasons, and I understand that if in the past you
have been a victim of malicious forgery, or anything else, you'd want
to make sure it couldn't happen again. But I don't see how pgp-signing
things to a public mailing list ensures that.
Common use of GPG/PGP has to start somewhere, why not in the open.
By signing mailinglist submissions you key public key exposure(sp)
% distribution to a mailing list? You are aware of the fact that there
% are archives?
Yes. I must admit that I don't see your point here, though.
Well, if I read your mail using a browser to access the archives, I
absolutely cannot verify whether your pgp signature is good, bad, or
yellow.
Archives that strip pgp signatures are as bad as mime-sweeper doing
the same thing under the flag of virus protection (arh blech spit).
snip good, civilized discussion on pki in actual use
Fascinated,
Ailbhe
AOL
/guido
--
Quidquid latine dictum sit, altum viditur.