Relevance of PGP?

Edward Ned Harvey blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org
Sat Jun 11 09:14:12 EDT 2011


> From: Bill Ricker [mailto:bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org]
> Sent: Friday, June 10, 2011 9:35 AM
> 
> a signature with a free CA cert deserves no trust - it verifies the
> email address was the email address on a certain date only.

Same as PGP.  

The only reason you might trust PGP more is because you were talking to the
person on the phone when they said "I'm sending you my signature now." or
you got their signature via some other means, which you feel is externally
verifiable somehow.  It's the external context that gives you more trust.
But you can certainly establish all the same external context using S/MIME
or PGP alike.  The only difference is whether or not you HAVE TO establish
external context.




