On Thu, Nov 4, 2021 at 1:44 AM Karl <gmkarl@gmail.com> wrote:
> do you argue against keysigning because of the dangers produced by spreading documentation of personal connections? it seems like an important trust mechanism to provide for people who can hold any risk of using it.
I used public key cryptography before PGP was invented and how the WoT
is managed I do not like.
Why give away to third parties the persons who signed your key,
instead of local signing, which can
be done too? And you can't trust signed pub keys from key signing
parties, because people can show
fake passports. Nor you can trust signatures made remotely by Joe user
average, who simply downloaded
your key and gave you a fan sig.
isn't this coverable by owner trust? my gnupg asks me to specify how much I trust the verifications made by others, before trusting signature chains going through them
anyway the wot has serious issues but there are also very few decentralised trust protocols out there, it seems great that one is normalised
but yeah improvements sorely needed
> obviously without an out of band channel for cryptographic trust you have no way of knowing anything on the internet is real
But it looks to me that you can handle this, otherwise, you would not
use it, right? :-)
it's like shopping at walmart when you're penniless in a remote area. sure, they won't give anyone in your town a job, but they're all you can afford so you become a reliable client.
I appreciate how spamming this channel gives me psychological relief and [memory aid, records are hard for me]. But I do need reality to escape my psychosis.
Your emails appear unsigned to me. I assume this is because they are coming through some form of govcorp, manipulating us both in some way.