What can I expect at a Key Signing party?
Marc Mutz
Marc.Mutz@uni-bielefeld.de
Sun Oct 14 22:53:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 14 October 2001 19:21, Nick Andriash wrote:
<snip>
> What is the purpose of the "challenge"? What is it? What would having
> them return that to you tell you about them that you don't already
> know?
<snip>
If you send each listed mail address a different random string, each
encrypted with the public key of which it is a UID, you make sure that
the person that gave you the slip (and that owns the key) really
controls all the mail addresses listed in the UIDs.
E.g. I could have added "Graham Mutz <mutz@kde.org>" as a UID if I
really was Graham Mutz of, say, Gnome. I could then intercept, read and
answer mails you sent to mutz@kde.org and bribe you into using Gnome
instead of KDE ;-) if you didn't bother to check whether mutz@kde.org
is really me or some other Mutz (with this Christian name, this is
unlikely, but think s/Mutz/Smith/g).
Marc
- --
I consider the terrorist attacks on September 11th to be an attack
against America's ideals. If our freedoms erode because of those
attacks, then the terrorists have won.
-- Bruce Schneier, Crypto-Gram 09/2001
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7yfdr3oWD+L2/6DgRAjOzAJoCvsB1UM/o2lGXsg7m7y1RFJg/0QCgoElx
TXH/RRDaBAuuhdNKFXRCcIk=
=+B3W
-----END PGP SIGNATURE-----
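
The challenge procedure described in the message above, as an added Python example that is not part of the original post: it lists a key's user IDs, issues a different random string per address, and accepts only replies that echo the string sent to that same address. It assumes the GnuPG 2.x `--with-colons` listing layout; the key data is constructed and the function names are hypothetical.

```python
import hmac
import secrets
from email.utils import parseaddr

# Constructed sample of `gpg --with-colons --list-keys` output (GnuPG 2.x layout);
# the fingerprint and all three user IDs are made up for this example.
SAMPLE_LISTING = """\
pub:-:1024:17:0123456789ABCDEF:1002000000:::-:::scESC::::::23::0:
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::1002000000::AAAA::Marc Example <marc@example.org>::::::::::0:
uid:-::::1002000001::BBBB::Graham Example <graham@example.net>::::::::::0:
uid:r::::1002000002::CCCC::Old Address <old@example.org>::::::::::0:
"""

def list_uids(colon_listing):
    """Return (fingerprint, [email, ...]) for user IDs that are not revoked or expired."""
    fingerprint, emails = None, []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "fpr" and fingerprint is None:
            fingerprint = f[9]              # field 10 holds the fingerprint
        elif f[0] == "uid" and f[1] not in ("r", "e"):
            addr = parseaddr(f[9])[1]       # field 10 holds "Name <address>"
            if addr:
                emails.append(addr)
    return fingerprint, emails

def make_challenges(emails):
    """One independent random string per address, so replies cannot be shared."""
    return {addr: secrets.token_urlsafe(24) for addr in emails}

def encrypt_argv(fingerprint, outfile):
    """gpg command line that encrypts stdin to the key under test (not run here)."""
    return ["gpg", "--armor", "--trust-model", "always", "--encrypt",
            "--recipient", fingerprint, "--output", outfile]

def verified_uids(challenges, replies):
    """Addresses whose reply echoes exactly the string sent to that address."""
    ok = []
    for addr, sent in challenges.items():
        got = replies.get(addr, "").strip()
        if hmac.compare_digest(got.encode(), sent.encode()):
            ok.append(addr)
    return ok
```

Only the addresses returned by `verified_uids` have shown both control of the mailbox and possession of the private key; the remaining user IDs stay uncertified.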