I have removed the attribution of this comment on purpose, because it applies
to multiple people, and I want to attack a behaviour, not a person:
>> This is what I mean by "a high bar." Signing someone's PGP key should mean
>> "I know this person as X," not "this person is X."
> Dilution of trust is a problem with PGP. "I know this person as X" is way too
> lax if you want the system to scale.
Frankly, this is an example of pseudo-security “uphill and in the snow both
ways” that has meant that, 20 years after S/MIME and PGP, almost nobody
uses this stuff, even for the most elementary of things.
Remember: "better is the enemy of good enough".
To all the people who posted to this thread about how they don't know what
a PGP key signature means, and who did not PGP or S/MIME their email:
Stop getting in the way.
This is how an NSA mole would derail things: claim it needs to be better
--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works