On Wed, Dec 7, 2016 at 8:36 PM, Bjarni Runar Einarsson <[email protected]> wrote: > Signatures don't just prove that the content is authentic, in > practice they also work in the other direction - associating > content and online identity with the signing key.
Why attaching your public key to every e-mail you send doesn't serve this purpose in the same degree? Note that if someone was in a position to tamper with the attached public key, they could have also tampered with the signature by replacing it with a signature signed by a key they control. > A large amount of e-mails, consistently authored by the same > persona and signed by the same key is as strong a signal of > trustworthiness (of the key) as anything the web of trust or > keyservers can provide. In many ways, it's stronger and more > practical, because I probably care more about communicating with > the person that wrote all those messages, than I care about > government issued IDs or how diligent the author is at updating > keyservers or attending keysigning parties. Cheers, Robert _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
