Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

Hi Paul,

On 21 Sep 2015, at 15:14, Paul Wouters wrote:

On Mon, 21 Sep 2015, John Levine wrote:

OPENPGP is a data format, WoT is one way to employ that format to
exchange messages.   It is not a *required* way to use OPENPGP.

Sure, but it's the way that everyone has used PGP for 20 years,
and it's the security model that everyone I know expects when they
use PGP keys.

Actually, most people I know never use the WoT. They only use keys
obtained directly from the person they want to exchange encrypted email
with.

I think most people who use any trust model use the WoT, because that's what the common implementations make easy.

I think most people don't use any useful trust model, though. I see a lot of "send me your public key in plain text so I can talk privately about this thing", but no appreciation for the threat models in such a key exchange.


Joe



