On 1/3/2014 3:33 AM, Doug Barton wrote:
> This threat model doesn't make a lot of sense, except for very naive
> users who cannot distinguish the importance of a message that is
> encrypted vs. a message (encrypted or not) which is signed.

I'm going to cautiously disagree. What we call "very naive users" account for the vast majority of GnuPG users.

Unfortunately, that's as far as my disagreement goes. I see what Hauke's getting at, but I disagree that it really amounts to much of a problem, or that his proposed fix would work.

The real problem Hauke's discovered is, "people generally don't have the educational background to think formally and critically about trust." Which is, well, true -- but that one's a hell of a hard problem to solve. Everything else (including "sign-encrypt-sign" schemes) amounts to just ways to try to dodge the real issue.