On 28/08/14 00:58, Steve Jones wrote: > On Sat, 23 Aug 2014 12:56:11 +0200 > Philip Jackson <philip.jack...@nordnet.fr> wrote: > >> - the email address belongs to a person who does control the key and >> he may or may not be the person named in the email address. I am >> risking my secrets with an unknown person. I had better take care of >> the nature of those secrets. It looks like this is the case covered >> by your original post. > > Presumably you have an email address of the person for some reason, > whether or not you want to send secrets to that address depends on > where you got it. What you want to know is: how do you send those > secrets securely? If the keyserver has certified the key with a > challenge response protocol you've got your answer. > > Ideally you'd have an email address and a fingerprint, but often you > don't.
Whether or not I want to send secrets to a person depends on lots of things. I think at present that I would be unlikely to send any important secret by email. I cannot imagine my confidence levels on the person's identity or trustworthiness being enhanced at all by a keyserver process alone. Not even if the keyserver were linked to a lie detector :-) The question would always remain "Who is pulling his strings ?"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
