[NZLUG] Getting people to use GPG

Mark Foster blakjak at blakjak.net
Wed Jun 19 12:03:39 NZST 2013

On 19/06/13 11:52, Robin Sheat wrote:
> Rob Connolly wrote on Wed 19-06-2013 at 10:45 [+1200]:
>> Of course there is still the question of how much you 'trust' each
>> key.
>> I'm not sure what would happen if there were a path through the Web of
>> Trust from the keys in your GPG database to my key.
> Well, I get "Good signature, can't verify sender" in a yellow bar. This
> is because I have your key, but you have no signatures on it, so you
> might not be you. If there was a path to my key, that bar would be green
> and it'd say something more like "Good signature, sender verified" I
> guess.
> This is the issue with GPG-like systems, I think. Technical people are
> prepared to understand how a web-of-trust system works, but there's no
> reason to expect your average person to. They'll continue writing emails
> on postcards :)
> I'm not sure how you'd go about fixing that, there might be a way
> though.

Yeah, I'm using Enigmail (OpenPGP plugin for Thunderbird) and have
caved... I just created all new keys for me (if anyone did have my old
keys, please revoke. I don't even have a revocation key/cert to give
you, no trace of it anywhere... I wonder if it was on the USB stick I
lost a while back).

When I set it up it was for one particular purpose only, and I've never
really looked since. For example Robin, I get the same yellow bar for
you but whereas before I was able to import Rob's public key
automatically, yours I can't.

Further, I don't default-sign stuff as I make frequent use of
non-plain-text email (which seems to be exclusive with signed email?) -
so I'd sign an email if I had a particular need to do so, but not every


