incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: key signing
Date Mon, 08 Oct 2012 15:43:00 GMT
On Mon, Oct 8, 2012 at 7:36 AM, Branko ─îibej <brane@apache.org> wrote:
> What guarantee do you have that a particular Skype ID is whoever you
> think it is? None at all, unless the person involved looked at your
> Skype contact list and said, yeah, that's me. Likewise for Google
> Hangout. As long as they're doing that, they might as well verify the
> signature fingerprint in your PGP keyring.
>
> In this respect e-mail is just as secure, so why don't we all just sign
> keys because someone claiming to be from from Chad sent us a mail asking
> us for a signature?
>
> Really.

Is it your position that this excerpt from the GnuPG docs is wrong?

    This may be done in person or over the phone or through any other
    means as long as you can guarantee that you are communicating with
    the key's true owner.

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message