Forgive my taking another whack at this horse. The illustrative opportunity was too precious to pass up.
* On 2002.07.22, in <[EMAIL PROTECTED]>, * "Derrick 'dman' Hudson" <[EMAIL PROTECTED]> wrote: > | > | Generally yes but not on all mailing lists. To take your > | mail as an example, I don't see any advantage; > > As long as you don't trust my key, then there is limited advantage. > > | the only thing I know for sure (with a sucessfully verified > | signature) is that someone with your name really signed a mail with > | a key containing your user id. > > Which is useful because you at least know that I'm not being > impersonated. Not really. We might only know the key you usually use is not being misused -- if we even know which key you usually use. I don't, and I haven't assigned trust to your key, and I have no trust path to your key, so I liekly wouldn't notice the difference. But anyone can make a pretty good substitute for you without much trouble. > If, at some point, you trust my key then you'll know a lot more about > the messages (both new and old ones, as long as the same key was > used). Perhaps. You need to check pretty thoroughly to be sure. (For this message, you'd have to specifically notice that (a) the key is not on your keyring, but it should be, or (b) the key is not as trusted as it should be.) This impersonation key expires tomorrow. I'll remove it from my keyring now. -- -D. Fresh fruit enriches everyone. Takes the thirst Sun Project, APC/UCCO out of everyday time. A pure whiff of oxygen, University of Chicago painting over a monochrome world in primary colors. [EMAIL PROTECTED] We all know that. It's why everyone loves fruit.
msg29828/pgp00000.pgp
Description: PGP signature
