FWIW, I use the following analogy: I have a secure steel mailbox, located on a street corner - just like the Post Office does - that I visit occasionally to collect the mail that my correspondents have deposited there. The only difference between my box and those owned and operated by the Post Office is that on my box, there is a second lock and key, one that is required to open the slot by which the letters are deposited into the mailbox. Copies of that key I give freely to all that want to securely send me a message. This is the public key: it is useless for retrieving the messages from the box, it can be used only to deposit them.
Just like the Post Office, I have another, private key, which is in my possession only, and which I must keep protected. This one opens the back cover of the steel box, one through which I, just like the post office collection truck operator, retrieve all the letters from the mailbox. The set of two keys, private and public, are mathematically related in a unique way. The public key is thus also useful to confirm that the message is deposited in my box, as opposed to somebody else's box that happens to be located on the same street corner. I advise those that I teach how to use GPG to completely ignore WOT and key-signing, and to rely on rigorous out-of-channel key fingerprint verification. If they don't, they could be depositing their messages into an imposter's box, who could read them, and (since he, like everybody else, is likely to be in the possession of my public key) afterward deposit them in my mailbox. Neither I, nor the message sender would know that such message has been read by the imposter. Teaching those that don't have a very concrete idea of the cost to themselves and/or to their correspondents in case the content of their communication is compromised is a waste of time: they lack the motivation to put in the considerable effort that is necessary to effectively use (as opposed to just "go through the motions") of something as complex as GPG. Advocating for the adoption of encrypted communication as a matter of personal policy or principle, in conjunction with teaching the use of a complex software system necessary to do it is, IMHO, a big mistake. Listo Factor _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
