Robot CA at toehold.com
Fri Dec 6 12:55:35 2002
At 17:27 2002-12-05 -0500, you wrote:
>On Thu, Dec 05, 2002 at 04:03:00PM -0600, Kyle Hasselbacher wrote:
>This still doesn't stop the doppelganger. The postmaster attack lets
>someone get a signed key in addition to the user's signed key. Then
>there would be two seemingly identical "Alices" on the keyserver. If
>people do notice, how do they pick from between the two? ("I'm
>Spartacus! No, I'm Spartacus!").
This is interesting! What can be done about this? Change the e-mailadress
and the key? I don't see any way to prevent it.
If it becomes frequent some verifikation of the link person - key must be
added. Or is there any work around?
How does MS Passport (and similar services) work? Passport will not mind if
the e-mail address is used by several people? It's very common on the web
with services that just validates the e-mail address. And they seem to work
so far ...