On Mon, Oct 25, 2021 at 5:46 PM Karl <gmkarl@gmail.com> wrote:
On Mon, Oct 25, 2021, 11:04 AM Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
I give you now some ideas you may think about, or not.
As you may know modern sequoia-pgp (Testimonials by Mr Zimmermann) no longer uses the stupid WoT. Stupid keyservers like SKS are thankfully also dead.
Do you call them stupid, and say thankfully, because you've been hurt in the ways you describe further in your email?
I call not people stupid, I call the WoT stupid. People were personally hurt and got in rage, when things happened to their pub keys. One person, I remember, was short before ending his work in the ecosystem because of that.
A person, say a left-winger uploads his pub key to SKS and asks a
How are left-right politics relevant?
As you may know grass-roots organizations, like Mr. Zimmermann mentioned once, are the reason why he created PGP to protect them. With (green party) left-wingers I mean for example people in Germany, which act differently like say a conservative patriot, who would probably use not PGP or crypto. Look for example at EFF, they are also not considered as conservative etc. And those people I call left-wingers would (I strongly assume) not be happy to be in some sort affiliated with persons, like in my example, when this would be public.
Is the backing of your arguments that governments are greater sources of trust than communities?
No, of course not. What I described with the CA example or eIDAS is that people wishing to use those services have a 100 percent guarantee that the pub key really belongs to that person and due to its technically and cryptographically nature you only need one signature. If I created now a key pair, fire it up, and someone else signs it, how much would you trust my key, if you do not know the signees and their procedure used? Regards Stefan