a few more words about
"marginal" tust I would assign marginal trust to (e.g.) x.509 certificates which are signed by "certificate authorities". these are passed out like fliers at the fair creating a huge attack surface. each of us needs only a few of these, one for the credit union, one for (e.g.) Amazon -- just those sites that we do commercial business with . Marginal trust might be OK to browse a news site but that's another topic . getting from marginal trust to full trust requires a SECOND VERIFICATION. In my view this service should be available at local credit unions, perhaps the DMV office -- places that already need to vet and authenticate identification records. we need to extend this to the individual as well, while we're at it -- ENIGMAIL should be able to export a public key onto a USB Thumb drive that the use can take to the Credit Union or DMV -- to get it countersigned -- and uploaded to the key server. this is neede to proceed with PGP security for things like IRS Forms 1040 filings ... a PGP signature is rather more secure than simply knowing the AGI on line 22 from last year's form -- which is a total kindergarten effort at security . On 09/20/2015 08:38 AM, Mike Acker
wrote:
if you want a third light it could be for the trust level established for the senders key: -- /Mike |
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net