On Thu, Nov 4, 2021, 11:31 AM Stefan Claas < spam.trap.mailing.lists@gmail.com> wrote:
On Thu, Nov 4, 2021 at 1:44 AM Karl <gmkarl@gmail.com> wrote:
do you argue against keysigning because of the dangers produced by spreading documentation of personal connections? it seems like an important trust mechanism to provide for people who can hold any risk of using it.
I used public key cryptography before PGP was invented and how the WoT is managed I do not like.
Why give away to third parties the persons who signed your key, instead of local signing, which can be done too? And you can't trust signed pub keys from key signing parties, because people can show fake passports. Nor you can trust signatures made remotely by Joe user average, who simply downloaded your key and gave you a fan sig.
isn't this coverable by owner trust? my gnupg asks me to specify how much I trust the verifications made by others, before trusting signature chains going through them anyway the wot has serious issues but there are also very few decentralised trust protocols out there, it seems great that one is normalised but yeah improvements sorely needed
obviously without an out of band channel for cryptographic trust you have no way of knowing anything on the internet is real
But it looks to me that you can handle this, otherwise, you would not use it, right? :-)
it's like shopping at walmart when you're penniless in a remote area. sure, they won't give anyone in your town a job, but they're all you can afford so you become a reliable client. I appreciate how spamming this channel gives me psychological relief and [memory aid, records are hard for me]. But I do need reality to escape my psychosis. Your emails appear unsigned to me. I assume this is because they are coming through some form of govcorp, manipulating us both in some way.