Thanks for the reply, dkg! I think you sent this before finishing a few paragraphs -- I've marked them below.

On Mon, 2013-09-30 at 19:20 -0400, Daniel Kahn Gillmor wrote:
> > 2. Every time I verify a signature from a key sent to an email address
> > that is not mine (like a mailing list), my mail client adds a tiny amount
> > of trust to that key (since each new public email+signature downloaded
> > represents an observation of the key via a potentially distinct network
> > path that should also be observed by multiple people, including the
> > sender).
>
> i don't think "trust" ...
>
> I think this would be a really useful project to work on, though the
> nuances are subtle and not everyone would make the same tradeoffs. I
> think it would be

^^here

> > 3. Every time I am about to encrypt mail to a key, check the key servers
> > for that email address, download the key, and make sure it is still the
> > same (SSH/TOFU-style).
>
> This is sort of the opposite of TOFU -- ...
>
> Also, note that real-time key refreshes upon every use leak a not
> insignificant amount of activity metadata to the keyservers and to
> anyone capable of monitoring the network path between the OpenPGP client
> and the keyservers. This might not be

^^ and here

-- 
Sent from Ubuntu
Attachment:
signature.asc
Description: This is a digitally signed message part
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
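The two mechanisms sketched in points 2 and 3 above, together with dkg's caveat about per-use refreshes, as an added Python example (not code from either participant or from any OpenPGP client): a TOFU-style pin store keyed by e-mail address that counts observations of a fingerprint across distinct delivery paths, refuses to overwrite a pin when a different key claims the same address, and compares a freshly fetched key against the pin before encrypting while rate-limiting those fetches. The thresholds `MIN_PATHS`, `MIN_OBSERVATIONS` and `REFRESH_INTERVAL`, the fingerprint strings and the `KEYSERVER` dict are all constructed for the example; a real client would call a keyserver and use actual fingerprints.

```python
# Added example, not code from the thread: a TOFU-style fingerprint pin store
# for OpenPGP keys, indexed by e-mail address. Thresholds and the stand-in
# keyserver below are constructed for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_PATHS = 2          # distinct delivery paths before a pin counts as corroborated
MIN_OBSERVATIONS = 3   # verified signatures before a pin counts as corroborated
REFRESH_INTERVAL = timedelta(days=7)  # re-fetch a pinned key at most this often


@dataclass
class Pin:
    fingerprint: str
    first_seen: datetime
    last_refreshed: datetime
    paths: set = field(default_factory=set)   # e.g. "list:tor-talk", "direct"
    observations: int = 0


class PinStore:
    """In-memory store of e-mail -> pinned fingerprint with observation history."""

    def __init__(self) -> None:
        self._pins: dict[str, Pin] = {}

    def observe(self, email: str, fingerprint: str, path: str, when: datetime) -> str:
        """Record a verified signature from `email` that arrived through `path`.

        Returns "new" on first use, "confirmed" when the fingerprint matches the
        existing pin, or "conflict" when a different key claims the same address.
        A conflict is reported, never used to silently replace the pin.
        """
        pin = self._pins.get(email)
        if pin is None:
            self._pins[email] = Pin(fingerprint, when, when, {path}, 1)
            return "new"
        if pin.fingerprint != fingerprint:
            return "conflict"
        pin.observations += 1
        pin.paths.add(path)
        return "confirmed"

    def corroborated(self, email: str) -> bool:
        """True once the key was seen via enough distinct paths, often enough."""
        pin = self._pins.get(email)
        return (pin is not None
                and len(pin.paths) >= MIN_PATHS
                and pin.observations >= MIN_OBSERVATIONS)

    def should_refresh(self, email: str, now: datetime) -> bool:
        """Refresh only stale pins, not on every encryption, so the keyserver and
        the network path to it see far less of the user's activity."""
        pin = self._pins.get(email)
        return pin is not None and now - pin.last_refreshed >= REFRESH_INTERVAL

    def check_before_encrypt(self, email: str, fetch, now: datetime) -> str:
        """Pre-encryption check. `fetch(email)` returns the fingerprint a keyserver
        currently serves for that address, or None if it has nothing."""
        pin = self._pins.get(email)
        if pin is None:
            return "unpinned"
        if not self.should_refresh(email, now):
            return "pinned-not-refreshed"
        fetched = fetch(email)
        pin.last_refreshed = now
        if fetched is None:
            return "keyserver-miss"
        return "match" if fetched == pin.fingerprint else "changed"


# Constructed stand-in for a keyserver lookup (address -> served fingerprint).
KEYSERVER = {"alice@example.org": "FP-ALICE-1"}


def demo() -> dict:
    """Walk one address through first use, corroboration, a conflicting key,
    a rate-limited check and a detected key change at the server."""
    store = PinStore()
    t0 = datetime(2013, 9, 30, 19, 20)
    r = {}
    r["first"] = store.observe("alice@example.org", "FP-ALICE-1", "list:tor-talk", t0)
    r["second"] = store.observe("alice@example.org", "FP-ALICE-1", "list:tor-talk",
                                t0 + timedelta(hours=1))
    r["third"] = store.observe("alice@example.org", "FP-ALICE-1", "direct",
                               t0 + timedelta(days=1))
    r["corroborated"] = store.corroborated("alice@example.org")
    r["conflict"] = store.observe("alice@example.org", "FP-OTHER", "list:other",
                                  t0 + timedelta(days=2))
    r["immediate"] = store.check_before_encrypt("alice@example.org", KEYSERVER.get,
                                                t0 + timedelta(days=2))
    KEYSERVER["alice@example.org"] = "FP-ALICE-2"  # key rotated or replaced at the server
    r["after_week"] = store.check_before_encrypt("alice@example.org", KEYSERVER.get,
                                                 t0 + timedelta(days=8))
    return r


if __name__ == "__main__":
    print(demo())
```

The `paths` set is what makes point 2 more than a simple counter: three signatures seen through the same list are one observation path, while a signature that also arrives directly corroborates the key through a second path. The refresh interval is the compromise dkg's caveat calls for: a stale pin is re-checked, but the keyserver does not learn about every message the user encrypts.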