On 17/01/16 21:00, Doug Barton wrote:
> You glossed over the points in my previous messages about the fact
> that we cannot know for sure if the person sending the message is
> actually who we think it is [...]
Well, to me it sounded like you said "Signature subkeys aren't enough by
themselves,
On 1/17/2016 2:17 AM, Peter Lebbing wrote:
On 17/01/16 03:19, Doug Barton wrote:
Further I don't see signing as all that interesting either.
[...]
We can infer things about these topics from our knowledge/beliefs
about the sender, but I can't think of any rational person would go
along with a
On 17/01/16 03:19, Doug Barton wrote:
> Further I don't see signing as all that interesting either.
> [...]
> We can infer things about these topics from our knowledge/beliefs
> about the sender, but I can't think of any rational person would go
> along with a request to "Pay Joe $10,000" just
On 01/15/2016 01:37 PM, Andrew Gallagher wrote:
On 15/01/16 21:02, Doug Barton wrote:
On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| I've
| worked on several projects for more than one financial institution,
| and airgaps like this are considered barely sufficient for some
| important
On 01/16/2016 07:06 PM, Andrew Gallagher wrote:
On 17 Jan 2016, at 02:19, Doug Barton wrote:.
OTOH, PGP is designed primarily to establish trust relationships between
people, with human review of the results an integral part of the process.
That may have been the
> On 17 Jan 2016, at 02:19, Doug Barton wrote:.
>
> OTOH, PGP is designed primarily to establish trust relationships between
> people, with human review of the results an integral part of the process.
That may have been the initial motivation. But consider that the
On 01/14/2016 11:35 AM, Wendy Oberg wrote:
From: "Doug Barton" [dougb@dougbarton.email]
What is your concern about signing the key?
Not so much a concern. But I might want to make use of the predicate
"key X is valid" without having to sign anything, and without even having a
key.
You
On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
You've already received good answers on your questions, so some
questions for you. :) What is your concern about signing the key?
And are you aware that local signatures will not be communicated
beyond your keyring?
I actually ran
On 15/01/16 19:33, Doug Barton wrote:
> On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
>> For me it's problematic
>> because my certification key is on an offline machine, so it's
>> inconvenient to have to power it up and do a round-trip through the
>> airgap when I'm not going to propagate the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| On 15/01/16 19:33, Doug Barton wrote:
|> This is a good example of why that method of working with your
|> keys is pointlessly complicated. :)
|
| It's complicated, but not necessarily
On 15/01/16 21:02, Doug Barton wrote:
> On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
> | I've
> | worked on several projects for more than one financial institution,
> | and airgaps like this are considered barely sufficient for some
> | important keys. (Of course in such projects the idea of
From: "Doug Barton" [dougb@dougbarton.email]
> What is your concern about signing the key?
Not so much a concern. But I might want to make use of the predicate
"key X is valid" without having to sign anything, and without even having a
key.
Sounds like the "--tofu-policy good ..." in recent
Hi!
> Do I have to sign it? Is there no way to configure gpg locally to
> say "the info in this key (fingerprint) is accurate", without having
> to sign?
You have to sign it; that's how it works :).
> Is the semantics of signing with lsign or sign "the info in this key
> is accurate"?
Yes.
On 01/10/2016 11:01 PM, Full Name wrote:
Do I have to sign it? Is there no way to configure gpg locally to
say "the info in this key (fingerprint) is accurate", without having
to sign?
If you are using the default trust model ("pgp"), no. In this model, the
validity of a key is only
On 01/10/2016 02:01 PM, Full Name wrote:
Do I have to sign it? Is there no way to configure gpg locally to
say "the info in this key (fingerprint) is accurate", without having
to sign?
Is the semantics of signing with lsign or sign "the info in this key
is accurate"?
You've already received
>
>
>> You've already received good answers on your questions, so some questions
> for you. :) What is your concern about signing the key? And are you aware
> that local signatures will not be communicated beyond your keyring?
I actually ran into this issue the other day. For me it's
Am 11.01.2016 um 17:35 schrieb Lachlan Gunn:
>>
>>
>>> You've already received good answers on your questions, so some questions
>> for you. :) What is your concern about signing the key? And are you aware
>> that local signatures will not be communicated beyond your keyring?
>
>
> I actually
17 matches
Mail list logo