On 3/25/15 at 11:42 PM, jek(_at_)ininx(_dot_)com (John Kreznar) wrote:
Christoph Anton Mitterer <calestyo(_at_)scientia(_dot_)net> writes:
On Wed, 2015-03-25 at 22:56 -0500, Phillip Hallam-Baker wrote:
Web of Trust is a fine academic
theory but it is not how OpenPGP is really used in the real world.
Lol?
How else do you use it?
Speaking as a PGP user of over 20 years, I can say that I've NEVER used
the web of trust. The way I really use it is to exchange keys with a
correspondent in plain text and confirm fingerprints out of band.
I used the WoT once to validate a key. The key I validated was
my own. I was at work, and my key was at home and on a key
server. I wanted to send some company confidential data home, so
I down loaded my key from the key server. My key had been signed
by Carl Ellison, and I had a copy of Carl's business card with
his key fingerprint. I check the fingerprint against Carl's
signature, and had enough faith in my own key to use it.
Life does bring up some strange uses.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said
users haven't
www.pwpconsult.com | learned anything about security?" -- Bruce Schneier
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp