On Wed, 2006-03-08 at 17:11 +0000, Julian Mehnle wrote:
[..]
So how could affiliation be determined? There is such a concept as "trust"
in PGP, but it is by definition always local and never publicly attached
to keys, and it really means "I trust this person to correctly assert the
authenticity of other keys", not "I trust this person not to abuse my
domain in their mails".
Yes, my favourite topic: using PGP for mail verification.
For me it also goes: not correctly PGP signed then it is not from me.
There is actually already a provision for automatically and distributed
checking of signatures. You should kick Werner Koch (cc'd) about this as
he knows the full details of this can be setup.
See the following one for a lot more details on this:
http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026388.html
Greets,
Jeroen
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
signature.asc
Description: This is a digitally signed message part