A PGP key is part of a user “identity” like a Twitter or Github Handle When I track you, I sign your “eldest” key, and your social identities, including your PGP fingerprints

gpg4win: other: Andre Heinecke r2mail2: Stefan Selbitschka Eric Johnson (NGO Internews) Daniel Kahn Gillmor (Debian, IETF, ACLU) Kristian Fiskerstrand (SKS) PEP: Piotr Zduniak …

Information partially provided too late, e.g. use from secure machines after completed setup Lack of definition of terminology, e.g. PGP-encryption, key password Lack of information regarding …

Enigmailandp≡p Enigmail will use pEp Engine for mail encryption

sig!3 E3EDFAE3 2013-11-03 never Kristian Fiskerstrand <[email protected]> sig!2 PNX 08AB4849 2014-02-08 2015-02-08 …

GPG at TNG GPG setup mandatory TNG web of trust internal key server GPG groups for mailing lists ... supported by custom key sync scripts future plan: internal LDAP auto signer

Depends on In-Person Authority CAs Signed PGP certs Scale “Trusted” Third Party Undetected MITM