Virtual Keysignings

Ingo Klöcker ingo.kloecker@epost.de
Sun Jun 8 21:00:06 2003 

--Boundary-02=_fl24+VgxP4v7Jp0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday 08 June 2003 15:05, CL Gilbert wrote:
> I think the difference would be that I admit I am no notary public.=20
> But others do not.  Is a drivers license good enough for you?

No. I wouldn't accept a driver's license. But I would accept a passport.=20
Of course, it would probably be easy to fool me with a foreign=20
(non-German) passport because I don't know what most foreign passports=20
look like it.

> they can be faked you know.

Every official document can be forged so that a layman can't tell the=20
difference. But are signatures on an OpenPGP key worth the risk?

> Do you have any training on determining fakes?

No.

> What good is a first and last name to you anyway? Their are 1000s of
> people with the same. Its only important that the carl gilbert that
> paid you for the work, is the carl gilbert you give the work too.  At
> least I think so.=20

You forgot the email address. Together with the email address you get a=20
one-to-one relation between keys and people (at least for those keys=20
that have a signature you trust).

Let's say I want to contact the Carl Gilbert who works at Rigid=20
Software. At the website of this company I find Carl's email address.=20
Unless I also find Carl's OpenPGP key on the company's website, I then=20
look for his key on the keyservers. If I now find one or more keys then=20
I check the signatures of those keys. If there's a key that is signed=20
by someone I trust then I assume that I found the correct key. That's=20
exactly how the web of trust works. It allows me to use keys that have=20
been signed by people I trust. I don't have to check all keys myself.

Regards,
Ingo


--Boundary-02=_fl24+VgxP4v7Jp0
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQA+42lfGnR+RTDgudgRApFGAJ4v3JFwKoKiB6DizlCpOOHGZBF0NACg0tUJ
45sApyJ9W8SevN+SmgyzWSU=
=MVwr
-----END PGP SIGNATURE-----

--Boundary-02=_fl24+VgxP4v7Jp0--