-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/1/2015 11:51 PM, Guan Xin wrote: > On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen <r...@sixdemonbag.org> wrote: <snip> >> So sure, yes, without identity verification it's hard to have confidence >> in someone's legal identity, absolutely. But even with identity >> verification, most people don't even bother to check to see that >> the signing certificate's email address matches the one on the >> email. > > It's sad to hear that anyone takes it seriously to check that a > certificate's email address matches the originating mail address. > This really messes things up in the sense that it causes additional > inconvenience with little benefit.
Sorry to just jump in here but I've been following the conversation and this caught my eye. While checking the email address associated with a key might not /always/ be useful (like in the case of IM, fax, etc), it /can/ help provide 'evidence' that a key might have been compromised. If I receive an email from an email address that is different from that on the key, the very first thing I would do is email the key holder at their known address and ask what's up. It could very well be a case where the key has been compromised but the email address hasn't and the key holder doesn't know. Anthony - -- Phone: +1.845.666.1114 Skype: CajunTechie SIP/VoIP: 17772471...@in.callcentric.com PGP Key: 0x53B04B15 Fingerprint: C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15 -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJWDg+lAAoJEAKK33RTsEsVyd8QALMR+iKmKl9bKK1oib+pi9qa s5H+q9wohsj51bPU89VakTvc7vQQFssO1HdnATk3vSDpfUX0NQCyDhZd8Qw6Wijd LCjRoyuY3SKvoWUww4iklHofVzGrATUU4EHyz9u6m6X1V9bsNPLiwbnZPr+vp/08 Xte8YmZs0z9yRJl2aclySutQa7oLbiHD8iuU++4Kj2q5g8fy/Hi6Kz1A3/j1zXLd S5TxIWzYqlbt/4IpIdJmcgP0WwKkINwzBW0yAx9+JWflJ57B81oWdXYXN2QRMraZ JKQgD0KVjHt1HuD2k3gTZKAdqPU22LI3rAk9yQu1AgAYmAFdGx1MpjLxvhkBnQBk +uEhmCNh0x/g7RM9GKjPYTKkEI2VLlsw3MfTE44RJJyH5NexJZkqV0/7JAF5EWI+ QX7PsPOKQZb0CpK2zWvvFFKmLS46Val54O+2iBw5pmh64733/htEhXoHILHhE18+ CSfa+mWMZkxcZvehZkZAf1jKveKPy1sl2nfu9C804tufCN8QRt2/YgxTJJhVUwSk rsIXPy80PS/DilPt4exp9cZ6loytzPd43BVPalSmP8UvyP5CFH8zgw/wKoqwiVyu 4oeZwH1lFdsM/b2R0TBZ2a/jkVDpgEFBthCCA2s6EniCmcjr2og1tdT8E91uU84d 2cSDFlQ3W2Y6KtnOVNEm =oVTg -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
