Hacker Read

chaz72 | karma 257 | avg karma 2.27 · 2015-03-03 18:51:00+00:00

For those already using PGP, that sounds great. For me, who is not using PGP, my set of trusted keys is currently empty. So it is unverified.

Which, arguably, might be safer than being overly trusting of my "trusted CAs", which is verified by a flawed system.

I guess I'm still not thrilled wih my options overall, but thank you for your time explaining how to use PGP.

reply

dredmorbius | karma 63069 | avg karma 2.05 · 2015-03-04 01:07:02+00:00

The WoT is both PGP's strength and weakness. Lacking anything else, key security staff for various Linux distributions and key EFF members isn't a bad starting point for this. Assigning those "marginal" trust means that you'd have to have three of those signing a given key to trust it.

chaz72 | karma 257 | avg karma 2.27 · 2015-03-04 22:40:51+00:00

Ah, now that is what I was looking for but didn't know how to ask. A few starting points I might trust would go a long way.