Subj : Re: PGP question
To   : Warpslide
From : alterego
Date : Tue Jun 09 2020 09:03 am

  Re: Re: PGP question
  By: Warpslide to alterego on Mon Jun 08 2020 11:19 am

 Wa> Since PGP is inherently peer to peer, there's no central authority that
 Wa> controls it.  You would need a directory or listing of other people's
 Wa> public keys.

So the only value of cross-signing keys is to increase trust (of the public key). IE: If Alice and Bill signed Cindy's key, and I receive something from Cindy it must be Cindy (not somebody protending to bre Cindy) becase I know Alice and Bill and trust them...

(But Cindy also needs to give you her cross signed public key by Alice and Bill
 right?)

 Wa> If you didn't want to use a repository, you would then need to make sure
 Wa> each client had each other's public key locally.

Ahh, OK, I thought cross signing might mitigate that - but then you confirmed my doubts, tks.

....лоеп

.... Gossip is when you hear something you like about someone you don't.
--- SBBSecho 3.11-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

.