Patrick Brunschwig wrote on 09/08/2018 11:00 AM: > You need to understand how the implementation of the Web of Trust works > in GnuPG. This is nothing to blame on Enigmail. Read here to understand > the web of trust: https://wiki.gnupg.org/WebOfTrust
I understand the web of trust, but thank you for the excellent reference. There is nothing in my post which blames Enigmail for anything, nor was there any whinging involved. All I did was identify a simple procedural fact: In order to encrypt to a particular key, I must first sign that key, affirming that I have check its identity very carefully. The entire question of what it means to check the identity of a key is beyond the scope of Enigmail/GPG, and at no time did I blame Enigmail for posing that challenge to me. In my particular case, I received a key from a complete stranger who I will never meet and whose key is not signed by anyone I trust. I don't view that as a problem at all. I simply sign the key and affirm that I have checked its identity. All that means is that whenever I correspond with that individual, I can be sure it is the SAME individual who originally sent me the key. That's all I actually care about, and is why I brought up the analogy with ssh's "trust on first use." I could bootstrap an entire working relationship with this individual lasting years based only on that initial event. Again, my post was in no way a complaint. It was simply a process of discovery. Yes there were a few snarks such as "white lie," but honestly I have no complaint about the way Enigmail/GPG works. -- Patrick _______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net