On Thu, Oct 10, 2013 at 04:24:19PM -0700, Glenn Willen wrote: > I am going to be interested to hear what the rest of the list says about > this, because this definitely contradicts what has been presented to me as > 'standard practice' for PGP use -- verifying identity using government issued > ID, and completely ignoring personal knowledge.
This obviously ignores the threat model of official fake IDs. This is not just academic for some users. Plus, if you're e.g. linking up with known friends in RetroShare (which implements identities via PGP keys, and degrees of trust (none/marginal/full) by signatures, and allows you to tune your co-operative variables (Anonymous routing/discovery/ forums/channels/use a direct source, if available) depending on the degree of trust. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
