Re: Obtaining sig2 and sig3 signatures

2017-05-31 Thread Daniel Kahn Gillmor
On Wed 2017-05-31 12:00:25 +0200, Stefan Claas wrote: > On 31.05.2017 at 03:43, Phil Pennock wrote: >> It's unfortunate really that the default is to make public attestations, >> telling the world "trust me, this key belongs to this person" instead of >> locally useful data and then, only once som

Re: Obtaining sig2 and sig3 signatures

2017-05-31 Thread Stefan Claas
On 31.05.2017 at 03:43, Phil Pennock wrote: It's unfortunate really that the default is to make public attestations, telling the world "trust me, this key belongs to this person" instead of locally useful data and then, only once someone knows what they're doing, offering them the option to act

Re: Obtaining sig2 and sig3 signatures

2017-05-31 Thread Stefan Claas
On 31.05.2017 at 01:22, Damien Goutte-Gattat wrote: Hi, On 05/30/2017 09:25 PM, Stefan Claas wrote: The classical procedure would be to sign a key with a sig3 after seeing the person's id-card in a real meeting. But who guarantees that the id-card is not fake (if the person is a complete stran

Re: Obtaining sig2 and sig3 signatures

2017-05-31 Thread Stefan Claas
I don't recommend that anyone make a sig1, sig2, or sig3 for any third-party certification (sig3 is fine for self-signatures, where the keyholder asserts their own identity). sig0 -- the default, generic certification -- is fine, does what people need of it, and doesn't intentionally leak any m

Re: Obtaining sig2 and sig3 signatures

2017-05-30 Thread Phil Pennock
On 2017-05-30 at 21:25 +0200, Stefan Claas wrote: > Let's assume we would exchange signed emails (PGP/SMIME) would these proofs > be enough for you to warrant a sig2? And for a sig3 an additional video > conference? No. A public signature is an attestation to others of identity. If it's based on

Re: Obtaining sig2 and sig3 signatures

2017-05-30 Thread Damien Goutte-Gattat
Hi, On 05/30/2017 09:25 PM, Stefan Claas wrote: The classical procedure would be to sign a key with a sig3 after seeing the person's id-card in a real meeting. But who guarantees that the id-card is not fake (if the person is a complete stranger)? Well, no one. You rely on the ability of the si

Re: Obtaining sig2 and sig3 signatures

2017-05-30 Thread Daniel Kahn Gillmor
On Tue 2017-05-30 21:25:24 +0200, Stefan Claas wrote: > Let's assume we would exchange signed emails (PGP/SMIME) would these proofs > be enough for you to warrant a sig2? And for a sig3 an additional video > conference? > > The classical procedure would be to sign a key with a sig3 after seeing > t

Obtaining sig2 and sig3 signatures

2017-05-30 Thread Stefan Claas
Hi all, while I am not new to GnuPG I must admit that I did not use it very often and when I had signed/encrypted email communications I usually had the "Untrusted Good Signature" from person x,x,z, because I am not a member of the classic Web-of-Trust. So far so good. I'm interested about your t