On 2/28/11 12:10 PM, David Shaw wrote: > Well, I suppose that's up to you whether you want to trust RM or not. > A question on trustworthiness is outside crypto, and not what the > discussion was about here in any event.
First it was, "even signatures from non-validated keys belonging to non-trusted persons can be significant, because it establishes continuity of communications." Now it's, "a question on trustworthiness is outside crypto." Which is it? Are signatures from non-validated keys belonging to non-trusted persons significant, or is trust outside the world of crypto? Ultimately, it's perfectly reasonable to say "I trust that RM is not screwing with me, and I trust that the key with fingerprint [...] really belongs to him," and from there bootstrap into getting significant signatures. But that doesn't invalidate the point of signatures needing (a) be correct, (b) come from validated keys which (c) belong to trusted persons. You're just saying, "I will trust whom I will trust, and I am assuming the validity of this key." _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
