On September 19, 2004 1:02 am, Jeff Lee wrote: > Would it be a safe bet for me to go ahead and mark people that I recieve > email from on this list as trusted with gnupg? I realize that I shouldn't It seems to me that this is the only sensible way to act. Since few of us will ever meet, the *only* persona that we will ever want to verify is the one we see on this list. So if a person self-identifies with a gpg key, then that can be that person's signature from then on and that's all we really need to know, isn't it? (That we're speaking to the same person 2 weeks from now that we were speaking to today.) Of course, no one should relate any real-world identity to an unverified electronic identity, just because someone generates a gpg key, but I doubt anyone is foolish enough to do that. -- Trevor Smith // trevor@xxxxxxxxxxxxxx
