On Thu, Nov 4, 2021 at 1:44 AM Karl <gmkarl@gmail.com> wrote:
do you argue against keysigning because of the dangers produced by spreading documentation of personal connections? it seems like an important trust mechanism to provide for people who can hold any risk of using it.
I used public key cryptography before PGP was invented and how the WoT is managed I do not like. Why give away to third parties the persons who signed your key, instead of local signing, which can be done too? And you can't trust signed pub keys from key signing parties, because people can show fake passports. Nor you can trust signatures made remotely by Joe user average, who simply downloaded your key and gave you a fan sig.
obviously without an out of band channel for cryptographic trust you have no way of knowing anything on the internet is real
But it looks to me that you can handle this, otherwise, you would not use it, right? :-) Regards Stefan