playing with cryptography...
John W. Moore III
jmoore3rd at bellsouth.net
Sat May 3 22:43:28 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
> A few minor, picky points, FWIW:
> 1. Of course, the trustworthyness of anything claiming
> to be Government Issued Documentation always has to be
> evaluated (as do governments, too, I suppose).
As a General Rule it is hoped that Passports are checked for Identity
Authentication by the issuing Authority. I know that when I am
'confirming' the Identity of an Individual I require that I be shown a
narrow selection of Documentation. Documents that I am comfortable with
the level of difficulty of forgery. This is why it takes presentation
of 'Proof of Identity' to several folks to obtain a Named Certificate.
> 2. Is it "certain" that "Thawte has confirmed", or is it
> *claimed* that Thawte has confirmed?
They 'Ping' the Email Address to confirm control of it.
> 3. Of course, Thawte's confirmation process is however
> trustworthy or not as it may be, which has to be evaluated.
Which is why the level of Trust in any Certificate may be Edited by the
But all this discussion of x.509 Certificates is somewhat far afield
from the purpose of this particular List. If everyone here was
comfortable with S/MIME then We wouldn't be using GnuPG.
Timestamp: Saturday 03 May 2008, 16:42 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.5.0-svn4754: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
-----END PGP SIGNATURE-----
More information about the Gnupg-users