> I disagree with this. Obviously a bad signature doesn't say much (except
> perhaps "check your mail system - it's breaking things"), but there is still
> value in the continuity between multiple signed messages. It's important to
> not make of that more than it is: for all I know there are 200 people all
> sharing key 1CF3A917, but it does raise the bar for someone who wants to
> claim to be Martin.

I used to believe this, up until John Moore, John Clizbe and I did a small experiment on PGP-Basics. We all shared a certificate and used it to sign our emails. It was literally weeks before anyone noticed.

Continuity is a great idea, but based on my own (limited and anecdotal) experience, it does not play a significant role in the real world. Unfortunately, I don't have anything more empirical to stand upon than that one ad-hoc experiment!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users