On Thu, 1 Nov 2018 20:14:19 +0100, Wiktor Kwapisiewicz wrote: > On 01.11.2018 11:19, stefan.cl...@posteo.de wrote: > > And this is the problem i have since 1994/95... For me signatures > > made with PGP / GnuPG have no weight, for several reasons, except > > those made from Governikus and maybe CT Magazine signed keys. > > I, for one, like the OpenPGP's approach of "choose your own trust > model". Someone will trust Governikus, someone will trust random > internet people, someone will marginally trust them or a selected set > of people they think are trustworthy. (By the way too bad that > Governikus doesn't add Policy URLs to their signatures [0], it would > be easier to read about their procedures for people that don't know > them).
Well, i like GnuPG too because you can use and run it on an off-line computer for example. But, like i said the signatures, in all the years i have used GnuPG, have no weight for me except for cryptographically securing documents content or files from tampering, from people which i personally don't know, when it comes to the classical WoT. I think it is also very sad, that after all the years, afaik only Governikus offers such a service. I am not aware of any other CA in in the world which work the same. > Of course, this comes at the expense of user friendliness but there > are already easier trust alternatives in GnuPG (e.g. TOFU). Yes, in CLI mode, when using not a MUA, i use TOFU too and think it is a very nice addition. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users