Robot CA at

Per Tunedal
Fri Dec 6 12:55:35 2002

At 17:27 2002-12-05 -0500, you wrote:
 >On Thu, Dec 05, 2002 at 04:03:00PM -0600, Kyle Hasselbacher wrote:

 >This still doesn't stop the doppelganger.  The postmaster attack lets
 >someone get a signed key in addition to the user's signed key.  Then
 >there would be two seemingly identical "Alices" on the keyserver.  If
 >people do notice, how do they pick from between the two?  ("I'm
 >Spartacus!  No, I'm Spartacus!").

This is interesting! What can be done about this? Change the e-mailadress 
and the key? I don't see any way to prevent it.
If it becomes frequent some verifikation of the link person - key must be 
added. Or is there any work around?

How does MS Passport (and similar services) work? Passport will not mind if 
the e-mail address is used by several people? It's very common on the web 
with services that just validates the e-mail address. And they seem to work 
so far ...

Per Tunedal