[Top] [All Lists]

Re: [openpgp] Manifesto - who is the new OpenPGP for?

2015-03-26 15:55:03
On 3/25/15 at 11:42 PM, jek(_at_)ininx(_dot_)com (John Kreznar) wrote:

Christoph Anton Mitterer <calestyo(_at_)scientia(_dot_)net> writes:

On Wed, 2015-03-25 at 22:56 -0500, Phillip Hallam-Baker wrote:
Web of Trust is a fine academic
theory but it is not how OpenPGP is really used in the real world.
How else do you use it?

Speaking as a PGP user of over 20 years, I can say that I've NEVER used
the web of trust.  The way I really use it is to exchange keys with a
correspondent in plain text and confirm fingerprints out of band.

I used the WoT once to validate a key. The key I validated was my own. I was at work, and my key was at home and on a key server. I wanted to send some company confidential data home, so I down loaded my key from the key server. My key had been signed by Carl Ellison, and I had a copy of Carl's business card with his key fingerprint. I check the fingerprint against Carl's signature, and had enough faith in my own key to use it.

Life does bring up some strange uses.

Cheers - Bill

Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't | learned anything about security?" -- Bruce Schneier

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>