* Ailbhe Leamy <[EMAIL PROTECTED]> wrote:
> On (14/09/01 15:00), David T-G wrote:
>
> > ...and then Ailbhe Leamy said...
> % On (14/09/01 09:41), David T-G wrote:
> [attribs snipped, because it's basically a David-Ailbhe-David
> discussion so far]
>
<snip>
> > % Yes, but _why_?
> >
> > Why use PGP/GPG? Because it should be mainstream and available
> > to all, it should be easy to use and familiar to all, and private
> > communication should be both avaiable and commonplace rather than
> > challenging and noteworthy.
>
> OK, all of this I understand. I completely fail to understand why it
> should apply to public communication, as distinct from private
> communication.
Might it be to establish precedent? I sign my mailinglist submissions
and my key winds up on the keyring of those that setup mutt to do the
right thing. Now that does not create a WoT, but if I meet any of you
face to face and we exchange keys you will have my key already making
it easy(er) to verify that the key you recived IRL is the real thing.
<snip>
> All of these are good reasons, and I understand that if in the past you
> have been a victim of malicious forgery, or anything else, you'd want
> to make sure it couldn't happen again. But I don't see how pgp-signing
> things to a public mailing list ensures that.
Common use of GPG/PGP has to start somewhere, why not in the open.
By signing mailinglist submissions you key public key exposure(sp)
>
> > % distribution to a mailing list? You are aware of the fact that there
> > % are archives?
> >
> > Yes. I must admit that I don't see your point here, though.
>
> Well, if I read your mail using a browser to access the archives, I
> absolutely cannot verify whether your pgp signature is good, bad, or
> yellow.
Archives that strip pgp signatures are as bad as mime-sweeper doing
the same thing under the flag of virus protection (arh blech spit).
<snip good, civilized discussion on pki in actual use>
> Fascinated,
>
> Ailbhe
<AOL>
/guido
--
Quidquid latine dictum sit, altum viditur.
PGP signature
