2015-03-26 14:46:43
Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:

> On Wed, Mar 25, 2015 at 6:25 PM, Christoph Anton Mitterer
> <calestyo(_at_)scientia(_dot_)net> wrote:
>> On Wed, 2015-03-25 at 22:56 -0500, Phillip Hallam-Baker wrote:
>>> Web of Trust is a fine academic
>>> theory but it is not how OpenPGP is really used in the real world.
>> How else do you use it?
>
> I see people using fingerprints directly mostly. Some download them
> from key servers.
>
> By Web of Trust I mean actually following a chain to check a key.

I walked a colleague through doing that today: she needs to send me a
secret, and I can't take time to call her and read a fingerprint.
Fortunately, my key had been signed by many other colleagues, and she
had trusted keys from a few of them.  It worked exactly as designed.

It's similarly helpful for new people joining that group---new staff, in
that case.  This is just an anecdote, of course, but so is "I have
never...".  I expect there are little cells of WoT usage scattered
around, and little cells of blind trust, and little cells of
read-the-fingerprint---when strangers meet.

> No, I think there are quite a few things that we can do today that
> change the WoT game. People carry smart phones with near field
> communication, barcode, cameras. So signing can be made a lot simpler.

I would be interested to see a tag on key signatures.  That would let me
play with automatic signatures and such without polluting the WoT.  I
don't directly see how to do this---is this what "Key Endorsements" are
for in


Brian Sniffen
"I reserve the right to evolve my views, and state that views I previously
 expressed may have been somewhere along the spectrum from insufficiently
 nuanced through ill-informed to dead wrong."

