[buug] GPG Keysigning
Aaron T Porter
atporter at primate.net
Thu Sep 19 14:42:29 PDT 2002
On Thu, Sep 19, 2002 at 04:37:53PM -0500, Brian Sobolak wrote:
> Call me St. Thomas, but this seems awfully
> complicated. Not for Sysadmin types, but for humans.
>
> The hope that normal users will ever be able to
> exchange email securely seems so distant.
Security is easy, I can encrypt away all day but how do I know
that I'm actually using the key of the person on the far end? It would be
trivial to write up a quick perl/visual basic/java script that would
generate a key and send it to a public keyserver. Also quite trivial to
hack your MTA to poll for a public key before sending out mail, but how do
you know you're getting a valid key? Trust is the hard part, encryption is
easy.
More information about the buug
mailing list