Hi August,

On 2020-01-05 20:41:53, you wrote to me:

 WvV>> Outside of fidonet. I see it sometimes in newsgroups. And I
 WvV>> know the (open)suse, software distribution system makes use of
 WvV>> gpg keys to sign the distributed software.

 AA> According to the info at https://sks-keyservers.net/status/

 AA>      Max keys:  5964828

 AA> That's really not a whole lot in the internet collective.

I wouldn't want to import them all to my keyring file! ;-)

 WvV>> I don't think "they" are going to trust it, untill there will
 WvV>> be a government key signing authority, that can "properly"
 WvV>> verify your identity.

 AA> Why not?  There is a vast pre-history of email exchange between me and
 AA> the vendor with many emails that include my customer/account number with
 AA> them. And my cheques even include the same customer/account number.  So,
 AA> they ought have great confidence that next time they send me something
 AA> to the same email address to sign, then my PGP-signed reply was done by
me.

That requires some human employer to check this, and would make the company
responsible in case a human mistake was made. They want that to be an external
risk, not theirs...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815