[SGVLUG] Keysigning
Dustin Laurence
dllaurence at dslextreme.com
Sat Nov 30 12:14:36 PST 2013
On 11/30/2013 10:27 AM, John Kreznar wrote:
> In nearly 20 years of using PGP, I've never once relied on WoT.
As stated, the WoT is not even part of the encryption scheme per se,
it's an optional but highly recommended way to do key exchange. If you
don't think you need it, then fine.
> The basic idea of public key encryption is very simple. It's a shame to
> unnecessarily clutter it with WoT.
Quite to the contrary, PGP would not be so useful for most serious
purposes--key exchange is a serious topic, and serious encryption users
must take as much care with it as with the encryption itself. If your
needs are not that strict, then you still gain from the existence of the
WoT, because without the WoT not many people would use PGP and so you
wouldn't likely be able to use it with the people you want to talk to.
The WoT has its weaknesses, but the other solutions involve either
direct key exchange, which doesn't scale, or a trusted authority, and
the whole point is not to have a trusted authority.
I assumed all this was general knowledge.
Dustin
More information about the SGVLUG
mailing list