On 05/01/2020 2:29 p.m., Wilfred van Velzen : August Abolins wrote:

 AA>> According to the info at https://sks-keyservers.net/status/
 AA>> Max keys: 5964828
 AA>> That's really not a whole lot in the internet collective.

 WvV> I wouldn't want to import them all to my keyring file!

I was just pointing out that globally, there is a relatively small
number of people posting their keys.

 AA>> ............................. So, they ought have great
 AA>> confidence that next time they send me something to the same
 AA>> email address to sign, then my PGP-signed reply was done by me.

 WvV> That requires some human employer to check this, and would make
 WvV> the company responsible in case a human mistake was made. They
 WvV> want that to be an external risk, not theirs...

Maybe true re external risk. But if we are just talking about a
signature for a release-date acknowledgement, all "they" have to do is
pull my public key to verify that the pgp-signed message with "I agree"
was indeed penned by me.

Some aspects of business-2-business are ripe for pgp.

 ../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101
Thunderbird/60.9.1