by stavros 671 days ago
> Is it an oxymoron to generate an asymmetrical cryptographic signature, send it to someone, and that someone verify the signature with the public key?

Of course not. I verify because I don't trust them.

> Why not just "trust" them instead? You have a contact and you know them, can't you trust them?

No, the risk of trust is too high against the cost of spending a second verifying.

> This is what "trust but verify" means. It means audit everything you can. Do not rely on trust alone.

Your comment just showed an example of something I don't trust and asked "why not trust instead"? The question even undermines your very point, because "why not trust them instead?" assumes (correctly) that I don't trust them, so I need to verify.

1 comments

It was sarcasm. "Why not trust them instead?" Clearly, you wouldn't and you can't. It takes moments to verify a signature, so just do it.