[spam][joke][cryptotragedy] checking signatures on boot media

Stefan Claas spam.trap.mailing.lists at gmail.com
Thu Nov 4 08:31:06 PDT 2021

On Thu, Nov 4, 2021 at 1:44 AM Karl <gmkarl at gmail.com> wrote:

> do you argue against keysigning because of the dangers produced by spreading documentation of personal connections? it seems like an important trust mechanism to provide for people who can hold any risk of using it.

I used public key cryptography before PGP was invented and how the WoT
is managed I do not like.

Why give away to third parties the persons who signed your key,
instead of local signing, which can
be done too? And you can't trust signed pub keys from key signing
parties, because people can show
fake passports. Nor you can trust signatures made remotely by Joe user
average, who simply downloaded
your key and gave you a fan sig.

> obviously without an out of band channel for cryptographic trust you have no way of knowing anything on the internet is real

But it looks to me that you can handle this, otherwise, you would not
use it, right? :-)


More information about the cypherpunks mailing list