[SGVLUG] Keysigning
Dustin Laurence
dllaurence at dslextreme.com
Sat Nov 30 10:06:27 PST 2013

On 11/30/2013 09:43 AM, John Kreznar wrote:
> In the frequent case where the parties have an opportunity to verify
> keys out of band, signatures on the keys add nothing. The main effect
> of the web of trust seems to be to unnecessarily complicate PGP for
> newbies.

As an additional note, this is simply untrue whatever the virtues of the
Web of Trust. If you ignore it, you get every single thing you would
get if there were no web of trust. It is simply a Best Practice to get
more security out of the system, but if you choose not to use it you get
all the same security (or lack of it) that you would have if Phil had
never invented the web of trust. If someone doesn't trust your
signature because of the WoT, very likely they would simply not trust
your PGP signature without the WoT either, because if the issue it
mitigates matters to you, PGP is more or less useless without the WoT.
If they actually verified your signature by some more direct means, then
they've signed your key and now the WoT isn't an obstacle.

Dustin