Juergen BRUCKNER wrote: > Hi Stefan > > Thats not the approach PGP pursues. > PGP was, is and should continue to be decentralized in the future. It > was never really intended to validate identities in a wide circle, but > to secure communication, and - im parts - to ensure the integrity of > software.
Well, the integrity of software can also be shown with a simple hash value posted, because I can not verify if the sig belongs to person xyz, even when he / she has a lot of fan sigs from people unknown to me. So, why then all this sigs stuff, Mr Zimmermann invented, while no other public key crypto software has such functionallity? > The so-called WOT has proven to me in the field of PGP and does not > really need central instances Why do you or other people think it is central, when we would have many CAs in place, each one not connected to the other one? And even if it would be run by one CA people don't trust, they could trust the CA sig, if the signing procedure would be correct. I for example do not trust third party sigs from regular users, because I have withnessed that also people sign other peoples keys out of the blue, while never ever contacting the person who owns the key ... > > Am 07.12.19 um 21:11 schrieb Stefan Claas: > > Yes, but the is not an OpenPGP 'fault' IHMO, it is caused by users and > > the OpenPGP community in general, not accepting CAs and still relying > > on the classical WoT. > > > > Maybe we should ask ourselves why we not have more (free) CAs for > > the OpenPGP ecosystem (wish we had more like Governikus ...) Regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 certified OpenPGP key blocks available on keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users