-----BEGIN PGP SIGNED MESSAGE----- sameer@c2.org wrote: (> Black Unicorn <unicorn@schloss.li> wrote:)
(Sigh). I'll say it yet a third time. Get a current copy of my key which is signed by at least three people on the web of trust.
As if this "web of trust" was actually worth something.
It is most certainly worth something, as long as the participants exercise the necessary measures to detect and correct any active attacks on it. The primary reason that the Web O Trust is ineffective at this point is the prevalence of misunderstandings among users (including cypherpunks) about its usage and its efficacy. As an example of these prevalent misunderstandings, I submit to you the fact that PGP keyservers do not use PGP, either for encryption or authentication. If you suggest it to them (or indeed, to most cypherpunks) they will respond that it would "do no good". Ridiculous. It's a shame really, since if we _did_ have the wits to create a Web O Trust now, it would serve to prevent active attacks in the future. Hopefully the public key infrastructure people will come up with something that will replace the WoT and will be more understandable or acceptable to people. In the meantime, I cannot have much confidence in the security of my private communications with Black Unicorn, which makes me hesitant to exchange money with him. Unfortunate that cypherpunks are so ineffectual when it comes to "social engineering" (not in the "social cracking" sense). Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMYSB8kjbHy8sKZitAQEuhwL/YDwOJB9pFP2Fbj0DBMvN8byLm4O3XwTK klt5SOkS4ahKoE04bzTAMb2HhyX4xGyGxJD/dbB0FxJSHRSpI5Th/6Jk6UNNQrMe 6GppN1HO2yHA5muxNxwWiERk0XGNtaFN =jMKu -----END PGP SIGNATURE-----