I think a bit of opportunistic encryption without proper identity verification can be a very good thing. I was just pointing out that you need to know the limits of that way of working, and make a conscious decision whether you need proper verification or not.
But I didn't indicate that clearly enough. HTH, Peter. PS: By the way, my ISP and some of it's employees are in a perfect position to do a man in the middle. I sure hope they can't "just hack my system" because of that position. The one capability certainly does not imply the other. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
