incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: key signing
Date Mon, 08 Oct 2012 15:51:41 GMT
On 08.10.2012 17:43, Marvin Humphrey wrote:
> On Mon, Oct 8, 2012 at 7:36 AM, Branko ─îibej <brane@apache.org> wrote:
>> What guarantee do you have that a particular Skype ID is whoever you
>> think it is? None at all, unless the person involved looked at your
>> Skype contact list and said, yeah, that's me. Likewise for Google
>> Hangout. As long as they're doing that, they might as well verify the
>> signature fingerprint in your PGP keyring.
>>
>> In this respect e-mail is just as secure, so why don't we all just sign
>> keys because someone claiming to be from from Chad sent us a mail asking
>> us for a signature?
>>
>> Really.
> Is it your position that this excerpt from the GnuPG docs is wrong?
>
>     This may be done in person or over the phone or through any other
>     means as long as you can guarantee that you are communicating with
>     the key's true owner.

It says clearly, "as long as you can guarantee that you are
communicating with the key's true owner." Which was exactly my point.

-- Brane


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message