On Tue, Jun 17, 2003 at 06:57:08PM +0530, Manish Jethani wrote:
Ravindra Jaju wrote:
"I trust people so much that I don't care about signatures ..."
"I trust people so much that I don't care about *their* signatures ..." is what I meant. I am just happy reading the mails without worrying about anything on an ML. :)
*You* sign your email so that *others* can trust you. Your trusting everyone else is not a valid excuse for not signing your email :P
To verify whether everything is in proper shape, you need to have the senders' public keys with you *before hand*. How would you do this for the first time? Or, in case of keys which are not signed by any trusted members in your key-ring?
Quite tedious, isn't it? Unless you take a lot of pains (best is to meet in person and take the other person's public key), there is always a possibility of a weak link somewhere. Even the phone line could be compromised (in case you plan to exchange that key over the phone), or the person on the other side might not be the one you are looking for. There has to be an element of trust *somewhere*!